CVE-2023-24144

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK CA300-PoE routers by injecting malicious commands into the hour parameter of the setRebootScheCfg function. Attackers can gain full control of affected devices, potentially compromising entire networks. All users of vulnerable TOTOLINK CA300-PoE routers are affected.

💻 Affected Systems

Products:
  • TOTOLINK CA300-PoE
Versions: V6.2c.884
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device takeover leading to network compromise, data exfiltration, ransomware deployment, or use as a botnet node

🟠 Likely Case: Remote code execution allowing an attacker to modify device configuration, intercept traffic, or install malware

🟢 If Mitigated: Limited impact if the device is behind a firewall with strict inbound rules and network segmentation

🌐 Internet-Facing: HIGH - Directly exploitable from internet if device management interface is exposed
🏢 Internal Only: HIGH - Exploitable from any network segment with access to device management interface

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authentication to the web interface. Public proof-of-concept code exists in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check the TOTOLINK website for firmware updates. If an update exists:
  1. Download the firmware from the vendor site
  2. Log into the router web interface
  3. Navigate to the firmware upgrade section
  4. Upload and apply the new firmware

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate TOTOLINK devices on a separate VLAN with strict firewall rules

Access Control (platform: linux)

Restrict management interface access to specific IP addresses only. Replace TRUSTED_IP with the address of the management host; because -A appends rules in order, the ACCEPT rules must be added before the DROP rules.

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Replace vulnerable devices with supported alternatives
  • Implement strict network monitoring and anomaly detection for affected devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface: System Status > Firmware Version. If version is V6.2c.884, device is vulnerable.

Check Version:

curl -s http://router-ip/status.cgi | grep firmware_version

Verify Fix Applied:

Verify firmware version has changed from V6.2c.884 to a newer version

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to setRebootScheCfg with shell metacharacters in parameters
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • Unusual outbound connections from router to external IPs
  • Traffic patterns inconsistent with normal router operation

SIEM Query:

source="router_logs" AND (uri="*setRebootScheCfg*" AND (param="*;*" OR param="*|*" OR param="*`*"))
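The log indicator above (POST requests to setRebootScheCfg carrying shell metacharacters) can be checked offline against exported web-access logs. The script below is an added example, not part of this advisory or of any TOTOLINK software; it assumes a simple constructed log format in which the request parameters appear in the logged URI (a reverse proxy or gateway that logs the query string), and the sample lines are constructed for illustration.

```python
"""Scan web-access log lines for setRebootScheCfg requests with shell
metacharacters in their parameters (added example; constructed log format)."""
import re
from urllib.parse import urlsplit, parse_qsl

# Characters that have no business in a scheduling parameter such as "hour".
SHELL_METACHARS = (";", "|", "`", "$(", "&&", "\n")

# Constructed log format: <client ip> "<method> <uri> <proto>" <status>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic); %3B is ';' and %7C is '|'.
SAMPLE_LOG = [
    '192.0.2.10 "POST /setRebootScheCfg?hour=3&minute=0 HTTP/1.1" 200',
    '192.0.2.77 "POST /setRebootScheCfg?hour=3%3Bx&minute=0 HTTP/1.1" 200',
    '192.0.2.10 "GET /status.cgi HTTP/1.1" 200',
    '198.51.100.5 "POST /setRebootScheCfg?hour=0%7Cy HTTP/1.1" 200',
]


def suspicious_params(uri):
    """Return (name, decoded value) pairs whose value contains a shell metacharacter.

    parse_qsl percent-decodes values, so encoded metacharacters are caught too."""
    query = urlsplit(uri).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if any(meta in value for meta in SHELL_METACHARS):
            hits.append((name, value))
    return hits


def scan_log(lines):
    """Return one finding per line that targets setRebootScheCfg with tainted parameters."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the expected format
        uri = match.group("uri")
        if "setRebootScheCfg" not in uri:
            continue
        hits = suspicious_params(uri)
        if hits:
            findings.append({
                "ip": match.group("ip"),
                "method": match.group("method"),
                "params": hits,
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ip']} {finding['method']} setRebootScheCfg "
              f"tainted params: {finding['params']}")
```

Running it against the constructed sample reports the two lines whose hour parameter decodes to a value containing ; or |, and ignores the legitimate scheduling request and the unrelated status check. Body parameters of real POST requests are usually not in access logs, so in practice this logic belongs in a proxy or WAF that logs or inspects request bodies.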
