Vulnerabilities > CVE-2024-0570 - Missing Authorization vulnerability in Totolink N350Rt Firmware 9.3.5U.6265

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

totolink

CWE-862

critical

NVD

Published: 2024-01-16

Updated: 2024-11-21

Summary

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Totolink Totolink N350Rt Firmware 9.3.5U.6265	1
Hardware	Totolink Totolink N350Rt -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://vuldb.com/?ctiid.250786
https://vuldb.com/?ctiid.250786
https://vuldb.com/?id.250786
https://vuldb.com/?id.250786
https://vuldb.com/?submit.263655
https://vuldb.com/?submit.263655
https://www.chtsecurity.com/news/16e4f985-8248-4353-a26e-b77ca487ce31
https://www.chtsecurity.com/news/16e4f985-8248-4353-a26e-b77ca487ce31
https://www.chtsecurity.com/news/f6d7ae2c-fb1e-4c31-a9ce-bfc5ee038eb1
https://www.chtsecurity.com/news/f6d7ae2c-fb1e-4c31-a9ce-bfc5ee038eb1