CVE-2024-41316
CVSS 9.8 · CRITICAL
Summary
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
- Totolink a6000r firmware
- Totolink a6000r
References
- https://gist.github.com/yanggao017/690f3e4b5045bbdf1209baa30fb53065
- https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_2_apcli_cancel_wps/README.md
Data: NIST NVD. NVD last modified 2025-04-03. Always verify against the vendor advisory before acting.