Exploit for TOTOLINK EX1800T - Command Injection (CVE-2024-34257)

Description:

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, letting an attacker obtain device administrator privileges.

Nuclei Template

View the template here: CVE-2024-34257.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-34257.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-34257
https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md
https://github.com/20142995/nuclei-templates
https://immense-mirror-b42.notion.site/TOTOLINK-EX1800T-has-an-unauthorized-arbitrary-command-execution-vulnerability-2f3e308f5e1d45a2b8a64f198cacc350