Cyber Resilience

CVE-2024-7464

Medium · Public PoC

Published: 05 August 2024

Modified: 15 August 2024
KEV Added
Patch
CVSS Score v4: 5.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.3837 (97.3rd percentile)
Risk Priority: 34 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-7464 is a medium-severity Command Injection (CWE-77) vulnerability in TOTOLINK CP900 firmware. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 2.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

CVE-2024-7464 is a command injection vulnerability in the TOTOLINK CP900 router running firmware 6.3c.566. It resides in the setTelnetCfg function of the Telnet service, where unsanitized input to the telnet_enabled argument allows arbitrary command execution. The flaw is tracked as CWE-77 and carries a CVSS 4.0 score of 5.3 reflecting network attack vector, low complexity, and low-privileged access with limited impacts on confidentiality, integrity, and availability.

An authenticated remote attacker can supply a malicious telnet_enabled value to the affected endpoint and execute operating-system commands on the device. Public proof-of-concept code has been released, enabling straightforward exploitation without user interaction or additional privileges beyond a valid management account.

Vendor contact prior to disclosure produced no response, and the listed references contain only third-party advisories and exploit details with no official patch or mitigation guidance. The EPSS score has reached a peak of 0.4490 with a current value of 0.3837, indicating moderate and sustained exploitation interest following public release of the details.

EU & UK References

Vulnerability details

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273557 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.008 Network Device CLI (Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

T1202 Indirect Command Execution (Stealth)
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

Why these techniques?

Command injection in the web-exposed setTelnetCfg function of the Telnet Service enables remote exploitation of a public-facing application (T1190), indirect command execution (T1202, as per the advisory), and network device CLI command execution (T1059.008).

Affected Assets

Vendor: totolink
Product: cp900 firmware
Version: 6.3c.566

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References