CVE-2024-33433

4.8 MEDIUM

📋 TL;DR

This CVE describes a Cross-Site Scripting (XSS) vulnerability in TOTOLINK X2000R routers that allows remote attackers to inject malicious script via the Guest Access Control parameter. The injected script runs in the browser of an authenticated user, potentially compromising router administration. Users with TOTOLINK X2000R routers running vulnerable firmware versions are affected.

💻 Affected Systems

Products:
  • TOTOLINK X2000R
Versions: All versions before v1.0.0-B20231213.1013
Operating Systems: Embedded router OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to router web interface; Guest Access Control feature must be enabled or accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise allowing an attacker to change configurations, intercept traffic, install backdoors, or pivot to internal networks.

🟠 Likely Case

Session hijacking, credential theft, or unauthorized configuration changes to the router's wireless settings.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to the router admin interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the attacker to trick an authenticated user into visiting a malicious link or submitting a crafted form.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.0.0-B20231213.1013 or later

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Log into the router admin interface.
2. Navigate to System Tools > Firmware Upgrade.
3. Download the latest firmware from the TOTOLINK website.
4. Upload and install the firmware.
5. Reboot the router after installation.

🔧 Temporary Workarounds

Disable Guest Access Control (applies to: all)

Temporarily disable the vulnerable Guest Access Control feature.

Restrict Admin Interface Access (applies to: all)

Limit access to the router admin interface to trusted IP addresses only.

🧯 If You Can't Patch

  • Segment router management interface to internal network only
  • Implement WAF with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Information

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Confirm firmware version is v1.0.0-B20231213.1013 or later

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to wireless configuration pages
  • Malicious script patterns in URL parameters

Network Indicators:

  • Unexpected JavaScript payloads in HTTP requests to router IP

SIEM Query:

http.method=POST AND http.uri_path="/cgi-bin/cstecgi.cgi" AND http.uri_query CONTAINS "GuestAccessControl"
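As an added example that is not part of this advisory, the following Python check applies the detection logic above (the SIEM query's endpoint and parameter name, plus script-pattern matching on URL-decoded query values) to a few constructed access-log lines. The CGI path and the GuestAccessControl parameter name are taken from the query above and are assumptions about the device; the log lines, IP addresses and the `callback` parameter are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit
# Path and parameter name taken from the SIEM query above (parameter name is an assumption).
CGI_PATH = "/cgi-bin/cstecgi.cgi"
WATCHED_PARAM = "GuestAccessControl"

# Script-injection markers, matched against URL-decoded parameter values.
XSS_PATTERNS = [re.compile(p, re.I) for p in (
    r"<\s*script", r"javascript\s*:", r"<\s*(img|svg|iframe|body)\b", r"\bon[a-z]+\s*=")]

# Common Log Format: the request line carries the method, path and query string.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines (not real captures); "callback" is a made-up parameter.
SAMPLE_LOG = """\
192.168.0.23 - - [10/Jan/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.23 - - [10/Jan/2024:10:01:09 +0000] "POST /cgi-bin/cstecgi.cgi?GuestAccessControl=on HTTP/1.1" 200 88
192.168.0.77 - - [10/Jan/2024:10:02:41 +0000] "POST /cgi-bin/cstecgi.cgi?GuestAccessControl=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 88
192.168.0.77 - - [10/Jan/2024:10:03:05 +0000] "GET /cgi-bin/cstecgi.cgi?callback=javascript%3Aalert(document.cookie) HTTP/1.1" 200 1024
"""
def xss_hits(value):
    """Return the patterns that match a decoded parameter value."""
    return [p.pattern for p in XSS_PATTERNS if p.search(value)]

def scan_line(line):
    """Flag a request to the CGI endpoint; None if the line is uninteresting."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != CGI_PATH:
        return None
    params = parse_qsl(url.query, keep_blank_values=True)  # decodes %xx and '+'
    hits = {k: xss_hits(v) for k, v in params if xss_hits(v)}
    writes_guest = m["method"] == "POST" and any(k == WATCHED_PARAM for k, _ in params)
    if not hits and not writes_guest:
        return None
    # "alert": script marker seen; "review": matches the SIEM query but no marker.
    return {"ip": m["ip"], "ts": m["ts"], "method": m["method"],
            "severity": "alert" if hits else "review", "params": hits}

def scan_log(text):
    """Query-string parameters only: form bodies of POSTs are not in access logs."""
    return [f for f in map(scan_line, text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Because access logs do not record POST bodies, a payload submitted in a form body rather than the query string will only be visible with request-body logging or a proxy in front of the router.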

🔗 References
