关键信息 Vulnerability ID: VDB-249860 CVE Identifier: CVE-2024-0294 Affected Product: TOTOLINK LR1200GB 9.1.0U.6619_B20230130 Affected File/Function: Vulnerability Type: OS Command Injection Summary Criticality: Critical Description: A vulnerability exists where manipulating the parameter in the function leads to OS command injection. Remote Attack: Possible remotely Exploit Available: Yes, proof-of-concept on GitHub Vendor Response: No response from vendor Details CWE Reference: CWE-78 (OS Command Injection) Impact: Confidentiality, integrity, availability CVE Publication Date: 01/07/2024 Attack Vector: Malicious input leads to unintended OS command execution Recommendation: Replace the affected product with an alternative if no countermeasures are known.