CVE-2024-24330 – This CVE describes a command injection vulnerab... (How to Fix)

📋 TL;DR

This CVE describes a command injection vulnerability in TOTOLINK A3300R routers that allows attackers to execute arbitrary commands on the device. Attackers can exploit this by injecting malicious commands through the port or enable parameters in the setRemoteCfg function. This affects users of TOTOLINK A3300R routers with vulnerable firmware versions.

💻 Affected Systems

Products:

TOTOLINK A3300R

Versions: V17.0.0cu.557_B20221024

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

A3300r Firmware by Totolink

View all CVEs affecting A3300r Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router allowing full remote control, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Router takeover leading to DNS hijacking, traffic interception, credential harvesting, and botnet recruitment.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit details are publicly available in GitHub repositories, making weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check TOTOLINK website for firmware updates
2. Download latest firmware for A3300R
3. Access router admin interface
4. Navigate to firmware upgrade section
5. Upload and apply new firmware
6. Reboot router

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to vulnerable interface

Network Segmentation

all

Isolate router on separate VLAN with restricted access

🧯 If You Can't Patch

Replace affected routers with patched or alternative models
Implement strict firewall rules blocking all WAN access to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Upgrade section

Check Version:

Login to router web interface and check firmware version in system settings

Verify Fix Applied:

Verify firmware version has been updated to a version newer than V17.0.0cu.557_B20221024

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed authentication attempts to admin interface
Suspicious configuration changes

Network Indicators:

Unexpected outbound connections from router
DNS queries to suspicious domains
Port scanning originating from router

SIEM Query:

source="router_logs" AND (event="command_injection" OR event="unauthorized_config_change")

📊 Metadata

CVE ID: CVE-2024-24330

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: January 30, 2024

Last Updated: June 9, 2025

🔗 References

https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md Exploit,Third Party Advisory
https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-24330, you might also want to check these: