CVE-2024-42740 Information

Description

In TOTOLINK X5000r v9.1.0cu.2350_b20230313 the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Reference

https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setLedCfg/setLedCfg.md