CVE-2024-24332 – This CVE describes a command injection vulnerab... (How to Fix)

Q: What is the severity of CVE-2024-24332?

CVE-2024-24332 has a CVSS score of 9.8 (CRITICAL). This CVE describes a command injection vulnerability in TOTOLINK A3300R routers, allowing attackers to execute arbitrary commands via the url parameter in the setUrlFilterRules function. It affects users of the specified router version, potentially leading to full device compromise. The high CVSS score indicates critical severity with broad impact.

📋 TL;DR

This CVE describes a command injection vulnerability in TOTOLINK A3300R routers, allowing attackers to execute arbitrary commands via the url parameter in the setUrlFilterRules function. It affects users of the specified router version, potentially leading to full device compromise. The high CVSS score indicates critical severity with broad impact.

💻 Affected Systems

Products:

TOTOLINK A3300R

Versions: V17.0.0cu.557_B20221024

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: This vulnerability is present in the default configuration of the affected router version.

📦 What is this software?

A3300r Firmware by Totolink

View all CVEs affecting A3300r Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full remote code execution leading to device takeover, data theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Unauthenticated attackers exploiting the vulnerability to execute commands, potentially disrupting services or stealing sensitive information.

🟢

If Mitigated

Limited impact if network segmentation, firewalls, or access controls prevent exploitation, but risk remains if devices are exposed.

🌐 Internet-Facing: HIGH, as routers are often internet-facing, making them directly accessible to attackers for remote exploitation.

🏢 Internal Only: MEDIUM, as internal attackers could exploit it if they gain network access, but external exposure is the primary concern.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept details are available in GitHub references, suggesting easy exploitation by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not known

Restart Required: No

Instructions:

Check TOTOLINK's official website or support channels for firmware updates; if available, download and apply the patch via the router's admin interface.

🔧 Temporary Workarounds

Disable URL Filtering Feature

all

Turn off the URL filtering functionality in the router settings to remove the vulnerable endpoint.

Access router admin panel, navigate to URL filtering settings, and disable it.

Network Segmentation

all

Isolate the router from critical internal networks to limit potential damage if exploited.

Configure firewall rules to restrict access to the router's management interface.

🧯 If You Can't Patch

Implement strict network access controls to block external access to the router's management interface.
Monitor logs for unusual activity and consider replacing the router with a patched or different model.

🔍 How to Verify

Check if Vulnerable:

Check the router's firmware version via the admin interface; if it matches V17.0.0cu.557_B20221024, it is vulnerable.

Check Version:

Log into the router's web interface and navigate to the system information or firmware section.

Verify Fix Applied:

After applying any update, verify the firmware version has changed to a non-vulnerable release.

📡 Detection & Monitoring

Log Indicators:

Unusual commands or shell activity in router logs, especially related to setUrlFilterRules.

Network Indicators:

Suspicious HTTP requests to the router's management interface with crafted url parameters.

SIEM Query:

Search for HTTP POST requests to paths containing 'setUrlFilterRules' with anomalous parameter values.

📊 Metadata

CVE ID: CVE-2024-24332

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: January 30, 2024

Last Updated: May 30, 2025

🔗 References

https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/9/TOTOlink%20A3300R%20setUrlFilterRules.md Exploit,Third Party Advisory
https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/9/TOTOlink%20A3300R%20setUrlFilterRules.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-24332, you might also want to check these: