CVE-2024-41315

6.8 MEDIUM

📋 TL;DR

This CVE describes a command injection vulnerability in TOTOLINK A6000R routers that allows attackers to execute arbitrary commands on the device. The vulnerability exists in the apcli_do_enr_pin_wps function via the ifname parameter. Users of affected TOTOLINK A6000R routers with vulnerable firmware are at risk.

💻 Affected Systems

Products:
  • TOTOLINK A6000R
Versions: V1.0.1-B20201211.2000
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version only; other versions may also be vulnerable but unconfirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise, allowing an attacker to install persistent backdoors, intercept network traffic, pivot to internal networks, or brick the device.

🟠 Likely Case

Unauthenticated remote code execution leading to device takeover, credential theft, or participation in botnets.

🟢 If Mitigated

Limited impact if the device is behind a firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept code is publicly available in GitHub repositories, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check the TOTOLINK official website for firmware updates.
2. Download the latest firmware.
3. Access the router admin interface.
4. Navigate to the firmware upgrade section.
5. Upload and apply the new firmware.
6. Reboot the router.

🔧 Temporary Workarounds

Disable WPS functionality
Applies to: all

Disable the Wi-Fi Protected Setup (WPS) feature to remove the attack vector.

Network isolation
Applies to: all

Place the router behind a firewall with strict inbound rules.

🧯 If You Can't Patch

  • Replace affected device with different model/vendor
  • Implement strict network segmentation to isolate router from critical assets

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface; if version is V1.0.1-B20201211.2000, device is vulnerable.

Check Version:

Log in to the router admin interface and check the System Status or Firmware Information page.

Verify Fix Applied:

Verify firmware version has been updated to a version later than V1.0.1-B20201211.2000.
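The two checks above (exact match against the affected build, and "later than" for the fix) can be automated once the version string is parsed. The following is an added example, not code from the advisory or from TOTOLINK; the version-string shape `V<major>.<minor>.<patch>-B<YYYYMMDD>.<build>` is inferred from the single version on this page and is an assumption, as is the convention that a later build date means a newer firmware.

```python
import re

# The only firmware build this advisory names as affected.
AFFECTED_VERSION = "V1.0.1-B20201211.2000"

# Assumed shape of TOTOLINK version strings, inferred from AFFECTED_VERSION:
# V<major>.<minor>.<patch>-B<YYYYMMDD>.<build>
VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)-B(\d{8})\.(\d+)$")


def parse_version(text):
    """Parse a version string into a comparable tuple
    (major, minor, patch, build_date, build_number).

    Raises ValueError when the string does not match the assumed shape, so a
    garbled or foreign-format string is never silently treated as 'fixed'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version):
    """True only for the exact build the advisory lists as vulnerable.
    Other builds are reported as 'unconfirmed' by the advisory, so this
    function does not speculate about them."""
    return parse_version(version) == parse_version(AFFECTED_VERSION)


def is_later_than_affected(version):
    """The advisory's 'fix applied' check: the installed build sorts strictly
    after the affected one (assumes the build date orders releases)."""
    return parse_version(version) > parse_version(AFFECTED_VERSION)


def classify(version):
    """Map a version string read from the admin page to one of three verdicts."""
    if is_affected(version):
        return "vulnerable"
    if is_later_than_affected(version):
        return "later than affected build"
    return "earlier than affected build (status unconfirmed)"


if __name__ == "__main__":
    # Constructed sample inputs, as an operator might copy them from the UI.
    for v in ("V1.0.1-B20201211.2000", "V1.0.1-B20210615.1000", "V1.0.0-B20200101.1500"):
        print(v, "->", classify(v))
```

Feed the function whatever the System Status page shows; an unexpected format raises rather than returning a misleading verdict.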

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Multiple failed WPS connection attempts
  • Suspicious ifname parameter values

Network Indicators:

  • Unexpected outbound connections from router
  • Unusual traffic patterns to/from router management interface

SIEM Query:

source="router_logs" AND (message="*apcli_do_enr_pin_wps*" OR (message="*ifname*" AND (message="*;*" OR message="*|*" OR message="*`*" OR message="*$(*")))
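The query above flags any message that names the WPS PIN handler, or that carries an ifname reference together with a shell metacharacter. The following is an added example, not part of the advisory, that applies the same logic in Python to constructed log lines (the lines, process names and ifname values are made up for illustration, not captured from a device). Beyond the query itself, it also shows a tighter variant that only fires when the metacharacter sits inside the ifname value, which cuts false positives from lines that merely mention ifname and a pipe elsewhere.

```python
import re

# Shell metacharacters the advisory's SIEM query looks for.
SHELL_META = (";", "|", "`", "$(")

# Extract the value following ifname= (stops at whitespace or '&').
IFNAME_RE = re.compile(r"ifname=([^\s&]+)")

# Constructed sample log lines (not from a real router).
SAMPLE_LOGS = [
    "Jul 20 10:01:02 router httpd: apcli_do_enr_pin_wps called ifname=ra0",
    "Jul 20 10:01:05 router httpd: wps request ifname=ra0;ls",
    "Jul 20 10:02:11 router httpd: wps request ifname=ra0|cat",
    "Jul 20 10:03:40 router dhcpd: lease renewed for 192.168.0.23",
    "Jul 20 10:04:00 router httpd: wps request ifname=$(whoami)",
    "Jul 20 10:05:00 router httpd: config ifname=ra0 | status ok",
    "Jul 20 10:06:00 router kernel: link up on eth0",
]


def matches_siem_query(line):
    """Mirror the advisory's query: handler name present, or ifname mentioned
    anywhere together with any shell metacharacter anywhere in the message."""
    if "apcli_do_enr_pin_wps" in line:
        return True
    return "ifname" in line and any(meta in line for meta in SHELL_META)


def suspicious_ifname(line):
    """Tighter rule: return the offending metacharacter only when it occurs
    inside the ifname value itself, otherwise None."""
    m = IFNAME_RE.search(line)
    if not m:
        return None
    value = m.group(1)
    for meta in SHELL_META:
        if meta in value:
            return meta
    return None


def scan(lines, strict=False):
    """Return [(line_number, reason)] for lines that match. With strict=True
    the ifname branch uses suspicious_ifname(); the handler-name branch is
    kept in both modes."""
    hits = []
    for n, line in enumerate(lines, 1):
        if "apcli_do_enr_pin_wps" in line:
            hits.append((n, "handler apcli_do_enr_pin_wps referenced"))
            continue
        if strict:
            meta = suspicious_ifname(line)
            if meta is not None:
                hits.append((n, f"ifname value contains {meta!r}"))
        elif matches_siem_query(line):
            hits.append((n, "ifname with shell metacharacter in message"))
    return hits


if __name__ == "__main__":
    for mode in (False, True):
        print("strict" if mode else "query-equivalent")
        for n, reason in scan(SAMPLE_LOGS, strict=mode):
            print(f"  line {n}: {reason}")
```

Run both modes side by side for a day of logs before deciding which to alert on: the query-equivalent mode catches line 6 of the sample (ifname and a pipe in the same message) while the strict mode does not.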
