Exploit
CVE-2024-7171

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Published: Jul 28, 2024 / Updated: 3mo ago

CVSS 5.3 / EPSS 0.05% / Medium

Summary

A critical vulnerability has been discovered in TOTOLINK A3600R version 4.1.2cu.5182_B20201102. The vulnerability affects the NTPSyncWithHost function in the /cgi-bin/cstecgi.cgi file. By manipulating the hostTime argument, an attacker can perform OS command injection. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

This vulnerability allows for remote code execution with potentially severe consequences. An attacker could gain unauthorized access to the system, execute arbitrary commands, and potentially compromise the entire network. The CVSS v3.1 base score of 8.8 (High) indicates high impacts on confidentiality, integrity, and availability. Attackers could potentially steal sensitive information, modify system configurations, or disrupt services.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of exploitation at the moment.

Patch

As of the latest information provided, no official patch has been released by TOTOLINK. The vendor was contacted about this disclosure but did not respond, which suggests that a patch may not be immediately available.

Mitigation

Given the absence of an official patch, the following mitigation steps are recommended:

1. Disable remote access to the affected TOTOLINK A3600R devices where possible.
2. If remote access is necessary, implement strong network segmentation and access controls to limit exposure.
3. Monitor logs and network traffic for suspicious activities related to the NTPSyncWithHost function.
4. Consider replacing the vulnerable devices with alternative, secure products if patching is not an option.
5. Regularly check for updates from TOTOLINK and apply any security patches as soon as they become available.
6. Implement additional network security measures such as firewalls and intrusion detection systems to help detect and prevent exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article
Feedly found the first article mentioning CVE-2024-7171.
Jul 28, 2024 at 10:42 PM / CVE

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Jul 28, 2024 at 10:43 PM

CVE Assignment
NVD published the first details for CVE-2024-7171
Jul 28, 2024 at 11:15 PM

CVSS
A CVSS base score of 6.3 has been assigned.
Jul 28, 2024 at 11:20 PM / nvd

EPSS
EPSS Score was set to: 0.05% (Percentile: 16.8%)
Jul 29, 2024 at 9:52 AM

CVSS
A CVSS base score of 8.8 has been assigned.
Aug 8, 2024 at 12:40 PM / nvd

Proof of Concept (PoC) Released
A proof of concept exploit has been released
Aug 8, 2024 at 3:10 PM

CVSS
A CVSS base score of 8.8 has been assigned.
Oct 28, 2024 at 9:07 PM / nvd

Affected Systems

Totolink/a3600r_firmware

Exploits

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/NTPSyncWithHost.md

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

News

CVE-2024-7171 Exploit
CVE Id : CVE-2024-7171 Published Date: 2024-08-08T12:39:00+00:00 A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Update Fri Aug 2 14:35:21 UTC 2024
CVE-2024-7171
Medium Severity Description A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Read more at https://www.tenable.com/cve/CVE-2024-7171
CVE-2024-7171
Severity 3.1 (CVSS 3.1 Base Score) Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
NA - CVE-2024-7171 - A vulnerability classified as critical has been...
A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
