CVE-2024-0942

Public Exploit

Totolink N200RE V5 cstecgi.cgi session expiration

Description

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

Link	Tags
https://vuldb.com/?id.252186	vdb entry third party advisory technical description
https://vuldb.com/?ctiid.252186	permissions required signature third party advisory
https://vuldb.com/?submit.269679	third party advisory
https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing	third party advisory exploit
https://youtu.be/b0tU2CiLbnU	media coverage exploit third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-0942?: CVE-2024-0942 has been scored as a low severity vulnerability.
How to fix CVE-2024-0942?: To fix CVE-2024-0942, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-0942 being actively exploited in the wild?: It is possible that CVE-2024-0942 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-0942?: CVE-2024-0942 affects Totolink N200RE V5.

Description

Category

CWE-613 – Insufficient Session Expiration

References

Frequently Asked Questions