Vulnerabilities > CVE-2024-0570 - Missing Authorization vulnerability in Totolink N350Rt Firmware 9.3.5U.6265

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

totolink

CWE-862

critical

NVD

Published: 2024-01-16

Updated: 2024-05-17

Summary

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Totolink Totolink N350Rt Firmware 9.3.5U.6265	1
Hardware	Totolink Totolink N350Rt -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://vuldb.com/?id.250786
https://vuldb.com/?ctiid.250786
https://drive.google.com/file/d/1xmGHvjMTaOn7v6buju5Ifuti3q47G7yF/view?usp=sharing
https://vuldb.com/?submit.263655