In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 10-11, 2024.
During this period, The National Vulnerability Database published 9, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 0
High: 1
Medium: 3
Low: 4
Severity Not Assigned: 1
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-2353
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md
https://vuldb.com/?ctiid.256313
https://vuldb.com/?id.256313
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 10-11, 2024.
During this period, The National Vulnerability Database published 9, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 0
High: 1
Medium: 3
Low: 4
Severity Not Assigned: 1
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-2353
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md
https://vuldb.com/?ctiid.256313
https://vuldb.com/?id.256313
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found