CVE-2024-57023 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2024-57023?

CVE-2024-57023 has a CVSS score of 6.8 (MEDIUM). This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where an attacker can execute arbitrary commands via the 'week' parameter in the setWiFiScheduleCfg function. This affects users of TOTOLINK X5000R routers running vulnerable firmware versions, potentially allowing attackers to gain control of the device.

📋 TL;DR

This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where an attacker can execute arbitrary commands via the 'week' parameter in the setWiFiScheduleCfg function. This affects users of TOTOLINK X5000R routers running vulnerable firmware versions, potentially allowing attackers to gain control of the device.

💻 Affected Systems

Products:

TOTOLINK X5000R

Versions: V9.1.0cu.2350_B20230313

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

X5000r Firmware by Totolink

View all CVEs affecting X5000r Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of the router leading to network infiltration, data exfiltration, and use as a pivot point for attacking other devices on the network.

🟠

Likely Case

Unauthorized command execution on the router, potentially enabling configuration changes, service disruption, or credential theft.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authentication to the router's web interface; command injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.totolink.net/

Restart Required: Yes

Instructions:

Check TOTOLINK website for firmware updates; download and install latest firmware via web interface; reboot router after update.

🔧 Temporary Workarounds

Disable WiFi Schedule Feature

all

Remove or disable the setWiFiScheduleCfg functionality to prevent exploitation.

Restrict Web Interface Access

all

Limit access to router's admin interface to trusted IP addresses only.

🧯 If You Can't Patch

Segment router on isolated network segment
Implement strict firewall rules to limit router communication

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface; if version matches affected range, assume vulnerable.

Check Version:

Login to router web interface and check System Status or Firmware Update page.

Verify Fix Applied:

Verify firmware version has been updated to a version later than V9.1.0cu.2350_B20230313.

📡 Detection & Monitoring

Log Indicators:

Unusual commands in system logs
Multiple failed authentication attempts followed by setWiFiScheduleCfg requests

Network Indicators:

Unexpected outbound connections from router
Anomalous traffic patterns from router IP

SIEM Query:

source="router_logs" AND (event="setWiFiScheduleCfg" OR command="*;*" OR command="*|*")

📊 Metadata

CVE ID: CVE-2024-57023

CVSS v3 Score: 6.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 1.41% exploit probability (80.2th percentile)

Published: January 15, 2025

Last Updated: April 7, 2025

🔗 References

https://github.com/tiger5671/Vulnerabilities/blob/main/TOTOLINK%20X5000R/setWiFiScheduleCfg/setWiFiScheduleCfg.md Exploit,Third Party Advisory
https://www.totolink.net/ Product
https://github.com/tiger5671/Vulnerabilities/blob/main/TOTOLINK%20X5000R/setWiFiScheduleCfg/setWiFiScheduleCfg.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-57023, you might also want to check these: