CVE-2023-24161 in CA300-PoE
Summary
by MITRE • 02/14/2023
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 10/19/2025
The TOTOLINK CA300-PoE router running firmware version V6.2c.884 presents a critical command injection vulnerability that stems from improper input validation within the webWlanIdx parameter of the setWebWlanIdx function. This flaw allows remote attackers to execute arbitrary commands on the affected device by manipulating the webWlanIdx parameter through web interface requests. The vulnerability exists due to insufficient sanitization of user-supplied input, enabling malicious actors to inject command sequences that bypass authentication mechanisms and gain unauthorized access to the underlying operating system. The affected device operates on a Linux-based embedded system where the web interface directly processes user input without adequate filtering or escaping mechanisms, creating a pathway for attackers to escalate privileges and execute system-level commands.
This vulnerability falls under the CWE-77 category of Command Injection, which is classified as a high-risk weakness in software security that allows attackers to execute arbitrary commands on the target system. The specific implementation flaw occurs when the web interface fails to properly validate or escape the webWlanIdx parameter before processing it within the setWebWlanIdx function. The ATT&CK framework categorizes this as a command execution technique under the T1059.001 sub-technique, where adversaries leverage vulnerabilities to execute commands on compromised systems. The vulnerability is particularly concerning because it operates at the web application layer and can be exploited remotely without requiring authentication, making it an attractive target for automated exploitation tools and malicious actors seeking persistent access to network infrastructure.
The operational impact of this vulnerability extends beyond simple command execution, as it enables attackers to manipulate the router's wireless configuration parameters, potentially disrupting network services or creating backdoor access points. Attackers can leverage this vulnerability to modify wireless network settings, inject malicious configurations, or even establish persistent access through the creation of new user accounts or SSH keys. The device's PoE functionality adds additional risk as attackers could potentially disrupt network connectivity for other devices connected through the same power-over-ethernet infrastructure. Network reconnaissance activities can be conducted through the compromised device, enabling attackers to map internal network topology, scan for other vulnerable systems, or use the router as a pivot point for lateral movement within the network environment. The vulnerability affects enterprise and residential networks alike, potentially compromising hundreds or thousands of devices depending on the deployment scale.
Mitigation strategies should focus on immediate firmware updates from TOTOLINK to address the command injection vulnerability, as well as implementing network segmentation to limit access to the affected device. Network administrators should disable unnecessary services and ports, particularly those related to the web interface, until proper patches are applied. The implementation of web application firewalls and input validation rules can provide additional protection layers against similar vulnerabilities. Security monitoring should include detection of unusual command execution patterns and parameter manipulation attempts. Organizations should also consider implementing network access controls using tools like iptables or firewalls to restrict access to the device's web management interface. Regular vulnerability assessments and penetration testing should be conducted to identify similar weaknesses in other network infrastructure components. The vulnerability demonstrates the importance of secure coding practices and input validation, particularly in embedded systems where resource constraints may lead to inadequate security controls. Network security teams should also establish incident response procedures to address potential exploitation attempts and ensure rapid remediation when similar vulnerabilities are discovered in other network devices.