ID

VAR-202501-2564


CVE

CVE-2024-57213


TITLE

Command injection vulnerability in TOTOLINK a6000r firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-002939

DESCRIPTION

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function. TOTOLINK a6000r firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A6000R is an excellent wireless router that uses advanced technology and design to provide users with an excellent network experience. Remote attackers can use this vulnerability to submit special requests and execute arbitrary commands in the context of the application.

Trust: 2.16

sources: NVD: CVE-2024-57213 // JVNDB: JVNDB-2025-002939 // CNVD: CNVD-2025-07818

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-07818

AFFECTED PRODUCTS

vendor: totolink, model: a6000r, scope: eq, version: 1.0.1-b20201211.2000

Trust: 1.0

vendor: totolink, model: a6000r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a6000r, scope: eq, version: a6000r firmware 1.0.1-b20201211.2000

Trust: 0.8

vendor: totolink, model: a6000r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a6000r v1.0.1-b20201211.2000, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-07818 // JVNDB: JVNDB-2025-002939 // NVD: CVE-2024-57213

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-57213
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-002939
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-07818
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-07818
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-57213
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-002939
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-07818 // JVNDB: JVNDB-2025-002939 // NVD: CVE-2024-57213

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-002939 // NVD: CVE-2024-57213

EXTERNAL IDS

db: NVD, id: CVE-2024-57213

Trust: 3.2

db: JVNDB, id: JVNDB-2025-002939

Trust: 0.8

db: CNVD, id: CNVD-2025-07818

Trust: 0.6

sources: CNVD: CNVD-2025-07818 // JVNDB: JVNDB-2025-002939 // NVD: CVE-2024-57213

REFERENCES

url: https://github.com/yanggao017/vuln/blob/main/totolink/a6000r/ci_9_action_passwd/readme.md

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2024-57213

Trust: 0.8

sources: CNVD: CNVD-2025-07818 // JVNDB: JVNDB-2025-002939 // NVD: CVE-2024-57213

SOURCES

db: CNVD, id: CNVD-2025-07818
db: JVNDB, id: JVNDB-2025-002939
db: NVD, id: CVE-2024-57213

LAST UPDATE DATE

2025-04-22T23:20:26.131000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-07818, date: 2025-04-21T00:00:00
db: JVNDB, id: JVNDB-2025-002939, date: 2025-04-04T05:03:00
db: NVD, id: CVE-2024-57213, date: 2025-04-03T15:48:02.287

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-07818, date: 2025-04-10T00:00:00
db: JVNDB, id: JVNDB-2025-002939, date: 2025-04-04T00:00:00
db: NVD, id: CVE-2024-57213, date: 2025-01-10T17:15:18.087