ID

VAR-202501-1484


CVE

CVE-2024-57212


TITLE

TOTOLINK A6000R action_reboot command injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-01814

DESCRIPTION

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function. TOTOLINK A6000R is an excellent wireless router that uses advanced technology and design to provide users with an excellent network experience. Remote attackers can exploit this vulnerability by submitting specially crafted requests to execute arbitrary commands in the context of the application.

Trust: 1.44

sources: NVD: CVE-2024-57212 // CNVD: CNVD-2025-01814

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-01814

AFFECTED PRODUCTS

vendor: totolink, model: a6000r v1.0.1-b20201211.2000, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-01814

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-57212
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-01814
value: LOW

Trust: 0.6

CNVD: CNVD-2025-01814
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-57212
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-01814 // NVD: CVE-2024-57212

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

sources: NVD: CVE-2024-57212

PATCH

title: Patch for TOTOLINK A6000R action_reboot command injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/651941

Trust: 0.6

sources: CNVD: CNVD-2025-01814

EXTERNAL IDS

db: NVD, id: CVE-2024-57212

Trust: 1.6

db: CNVD, id: CNVD-2025-01814

Trust: 0.6

sources: CNVD: CNVD-2025-01814 // NVD: CVE-2024-57212

REFERENCES

url: https://github.com/yanggao017/vuln/blob/main/totolink/a6000r/ci_10_action_reboot/readme.md

Trust: 1.6

sources: CNVD: CNVD-2025-01814 // NVD: CVE-2024-57212

SOURCES

db: CNVD, id: CNVD-2025-01814
db: NVD, id: CVE-2024-57212

LAST UPDATE DATE

2025-01-24T23:05:09.344000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-01814, date: 2025-01-20T00:00:00
db: NVD, id: CVE-2024-57212, date: 2025-01-14T16:15:33.120

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-01814, date: 2025-01-17T00:00:00
db: NVD, id: CVE-2024-57212, date: 2025-01-10T17:15:17.953