CVE-2024-23060

9.8 CRITICAL

📋 TL;DR

This CVE describes a command injection vulnerability in TOTOLINK A3300R routers via the ip parameter in the setDmzCfg function. Attackers can execute arbitrary commands with root privileges, potentially taking full control of affected devices. All users of vulnerable TOTOLINK A3300R routers are affected.

💻 Affected Systems

Products:
  • TOTOLINK A3300R
Versions: V17.0.0cu.557_B20221024
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the web interface's DMZ configuration function. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to establish persistent access, pivot to internal networks, intercept traffic, or join botnets.

🟠 Likely Case

Remote code execution leading to device takeover, credential theft, and network surveillance.

🟢 If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain network access, though external exploitation is more likely.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to the router's web interface. The GitHub reference contains detailed proof-of-concept information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

Check TOTOLINK's official website for firmware updates. If available, download and install the latest firmware through the router's web interface.

🔧 Temporary Workarounds

Disable DMZ Function (applies to: all)

Disable the DMZ configuration feature if not required for network operations.

Network Segmentation (applies to: all)

Place affected routers in isolated network segments with strict firewall rules limiting access to management interfaces.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the router's management interface
  • Monitor for unusual network traffic or configuration changes on affected devices

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the web interface. If the version is V17.0.0cu.557_B20221024, the device is vulnerable.

Check Version:

Log in to the router web interface and check the System Status or Firmware Update section.

Verify Fix Applied:

Verify firmware version has been updated to a version later than V17.0.0cu.557_B20221024.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to setDmzCfg endpoint
  • Commands with shell metacharacters in web logs
  • Unexpected process execution

Network Indicators:

  • Unusual outbound connections from router
  • Traffic to known malicious IPs
  • Unexpected port scans originating from router

SIEM Query:

source="router_logs" AND (uri="*setDmzCfg*" AND (data="*;*" OR data="*|*" OR data="*`*" OR data="*$(*"))
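As an added example that is not part of this advisory, the log-indicator and SIEM-query logic above applied in Python to constructed sample log lines; the log line format, the /cgi-bin/setDmzCfg URI and the form-body field names are assumptions. It decodes percent-encoding before matching (the raw wildcard query above would miss an encoded `%3B`) and also flags any ip value that is not a bare IPv4 address, which catches input that contains none of the listed metacharacters.

```python
import re
import ipaddress
from urllib.parse import parse_qs

# Metacharacters from the advisory's SIEM query (; | ` $), plus & newline and
# backslash, which a shell also honours.
SHELL_META = re.compile(r"[;|`$&\n\\]")

# Assumed (constructed) log format, not the router's real log format:
#   <client> "<METHOD> <uri>" body="<urlencoded form body>"
LOG_RE = re.compile(r'^(?P<client>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+)" body="(?P<body>.*)"$')

def classify_request(line):
    """Return None for a benign line, or a reason string for a suspicious one."""
    m = LOG_RE.match(line)
    if not m or "setDmzCfg" not in m.group("uri"):
        return None                      # not the DMZ configuration endpoint
    # parse_qs percent-decodes values, so %3B is inspected as ';'.
    params = parse_qs(m.group("body"), keep_blank_values=True)
    for ip in params.get("ip", []):
        if SHELL_META.search(ip):
            return "shell metacharacter in ip parameter"
        try:
            ipaddress.IPv4Address(ip)    # strict allowlist: must be a bare IPv4
        except ValueError:
            return "ip parameter is not a valid IPv4 address"
    return None

def scan_log(lines):
    """Return (line_number, reason) pairs for suspicious setDmzCfg requests."""
    return [(n, r) for n, l in enumerate(lines, 1) if (r := classify_request(l))]

# Constructed sample lines (RFC 5737 client addresses); %3B is an encoded ';'.
SAMPLE_LOGS = [
    '192.0.2.10 "POST /cgi-bin/setDmzCfg" body="enable=1&ip=192.168.0.50"',
    '192.0.2.10 "POST /cgi-bin/setDmzCfg" body="enable=1&ip=192.168.0.50%3Bls"',
    '192.0.2.11 "POST /cgi-bin/setDmzCfg" body="enable=1&ip=192.168.0.50%20-h"',
    '192.0.2.12 "GET /cgi-bin/status" body=""',
]

if __name__ == "__main__":
    for n, reason in scan_log(SAMPLE_LOGS):
        print(f"line {n}: {reason}")
```

The same two checks (decode, then allowlist the value as an IPv4 address) are what the router-side fix should enforce before the value reaches any shell command.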
