Cyber Posture

CVE-2024-57036

HighPublic PoCRCE

Published: 21 January 2025

Published
21 January 2025
Modified
29 April 2025
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0007 20.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57036 is a high-severity Command Injection (CWE-77) vulnerability in Totolink A810R Firmware. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

SI-10 directly prevents command insertion by enforcing validity checks on HTTP request inputs to the downloadFile.cgi main function.

SI-2 Flaw Remediation good match
prevent

SI-2 mitigates the vulnerability by identifying, reporting, and correcting the specific flaw in TOTOLINK A810R firmware V4.1.2cu.5032_B20200407.

SI-4 System Monitoring partial match
detect

SI-4 detects exploitation of the command insertion vulnerability through monitoring of unauthorized commands or anomalous router activity.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

Command insertion in downloadFile.cgi enables exploitation of public-facing web application (T1190) for arbitrary Unix shell command execution (T1059.004) on the router.

NVD Description

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.

Deeper analysisAI

CVE-2024-57036 is a command insertion vulnerability (CWE-77) in the TOTOLINK A810R router firmware version V4.1.2cu.5032_B20200407. The issue exists in the main function of the downloadFile.cgi script, which allows an attacker to execute arbitrary commands by sending a specially crafted HTTP request. Published on 2025-01-21, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to its network accessibility and potential for significant impact.

A remote attacker with low privileges (PR:L), such as an authenticated user, can exploit the vulnerability over the network with low attack complexity and no user interaction. By sending a malicious HTTP request to downloadFile.cgi, the attacker achieves arbitrary command execution on the device, resulting in high impacts to confidentiality and integrity, while availability remains unaffected.

The primary reference for this vulnerability is available at https://github.com/luckysmallbird/Totolink-A810R-Vulnerability-1/blob/main/3.md, which provides additional details relevant to practitioners.

Details

CWE(s)
CWE-77

Affected Products

totolink
a810r firmware
4.1.2cu.5032_b20200407

CVEs Like This One

CVE-2025-28135Same product: Totolink A810R
CVE-2025-52053Same vendor: Totolink
CVE-2026-31175Same vendor: Totolink
CVE-2026-31170Same vendor: Totolink
CVE-2025-2096Same vendor: Totolink
CVE-2026-5102Same vendor: Totolink
CVE-2026-5103Same vendor: Totolink
CVE-2026-0641Same vendor: Totolink
CVE-2026-3301Same vendor: Totolink
CVE-2026-1547Same vendor: Totolink

References