Login Sign Up

CVE-2024-0298

7.3 HIGH
Remote Code Execution

📋 TL;DR

This critical vulnerability in Totolink N200RE routers allows remote attackers to execute arbitrary operating system commands via command injection in the setDiagnosisCfg function. Attackers can exploit this to gain full control of affected devices. All users of Totolink N200RE routers with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • Totolink N200RE
Versions: 9.3.5u.6139_B20201216
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this specific firmware version are vulnerable by default.

📦 What is this software?

N200re Firmware by Totolink

View all CVEs affecting N200re Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, intercept traffic, or use device in botnets.

🟠

Likely Case

Remote code execution leading to device takeover, credential theft, and network surveillance.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires no authentication. Attack is straightforward to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider replacing affected devices.

🔧 Temporary Workarounds

Network Isolation

all

Place affected routers behind firewalls with strict inbound filtering to block access to vulnerable CGI endpoint.

Access Control

all

Restrict administrative access to trusted IP addresses only using router firewall rules.

🧯 If You Can't Patch

  • Immediately isolate affected devices from internet and critical internal networks
  • Replace vulnerable Totolink N200RE routers with supported, patched alternatives

🔍 How to Verify

Check if Vulnerable:

Check router web interface for firmware version 9.3.5u.6139_B20201216. If present, device is vulnerable.

Check Version:

Login to router admin interface and check firmware version in System Status or similar section.

Verify Fix Applied:

No fix available to verify. Only complete mitigation is device replacement.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /cgi-bin/cstecgi.cgi with setDiagnosisCfg parameter
  • Suspicious command execution patterns in system logs

Network Indicators:

  • Unexpected outbound connections from router to external IPs
  • Traffic spikes from router to command-and-control servers

SIEM Query:

source="router_logs" AND (uri="/cgi-bin/cstecgi.cgi" AND params CONTAINS "setDiagnosisCfg")

📊 Metadata

CVE ID: CVE-2024-0298
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-78
Published: January 8, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0298, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)