ID

VAR-202401-0050


CVE

CVE-2024-0299


TITLE

OS command injection vulnerability in TOTOLINK N200RE firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-001215

DESCRIPTION

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An OS command injection vulnerability exists in TOTOLINK N200RE firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.

Trust: 1.71

sources: NVD: CVE-2024-0299 // JVNDB: JVNDB-2024-001215 // VULMON: CVE-2024-0299

AFFECTED PRODUCTS

vendor: totolink, model: n200re, scope: eq, version: 9.3.5u.6139_b20201216

Trust: 1.0

vendor: totolink, model: n200re, scope: -, version: -

Trust: 0.8

vendor: totolink, model: n200re, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: n200re, scope: eq, version: n200re firmware 9.3.5u.6139 b20201216

Trust: 0.8

sources: JVNDB: JVNDB-2024-001215 // NVD: CVE-2024-0299

CVSS

SEVERITY

NVD: CVE-2024-0299
value: CRITICAL

Trust: 1.8

cna@vuldb.com: CVE-2024-0299
value: HIGH

Trust: 1.0

CVSSV2

cna@vuldb.com:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

CVSSV3

cna@vuldb.com:
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-0299
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-001215 // NVD: CVE-2024-0299 // NVD: CVE-2024-0299

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-001215 // NVD: CVE-2024-0299

CONFIGURATIONS

sources: NVD: CVE-2024-0299

EXTERNAL IDS

db: NVD, id: CVE-2024-0299

Trust: 2.7

db: VULDB, id: 249865

Trust: 1.9

db: JVNDB, id: JVNDB-2024-001215

Trust: 0.8

db: VULMON, id: CVE-2024-0299

Trust: 0.1

sources: VULMON: CVE-2024-0299 // JVNDB: JVNDB-2024-001215 // NVD: CVE-2024-0299

REFERENCES

url:https://vuldb.com/?id.249865

Trust: 1.9

url:https://github.com/jylsec/vuldb/blob/main/totolink/n200re/settraceroutecfg/readme.md

Trust: 1.9

url:https://vuldb.com/?ctiid.249865

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-0299

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2024-0299 // JVNDB: JVNDB-2024-001215 // NVD: CVE-2024-0299

SOURCES

db: VULMON, id: CVE-2024-0299
db: JVNDB, id: JVNDB-2024-001215
db: NVD, id: CVE-2024-0299

LAST UPDATE DATE

2024-05-17T22:40:13.664000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2024-0299, date: 2024-01-08T00:00:00
db: JVNDB, id: JVNDB-2024-001215, date: 2024-02-01T05:39:00
db: NVD, id: CVE-2024-0299, date: 2024-05-17T02:34:30.130

SOURCES RELEASE DATE

db: VULMON, id: CVE-2024-0299, date: 2024-01-08T00:00:00
db: JVNDB, id: JVNDB-2024-001215, date: 2024-02-01T00:00:00
db: NVD, id: CVE-2024-0299, date: 2024-01-08T06:15:44.593