CVE-2024-51141 is a vulnerability identified in the TOTOLINK Bluetooth Wireless Adapter A600UB, specifically involving the WifiAutoInstallDriver.exe and MSASN1.dll components. This flaw allows a local attacker to execute arbitrary code on the affected system. The attack vector is local, meaning the attacker must have physical or logical local access to the machine. The vulnerability does not require privileges or authentication but does require user interaction, such as running or triggering the vulnerable components. The CVSS 3.1 base score is 7.8, reflecting high severity due to the potential for full compromise of confidentiality, integrity, and availability of the system. The vulnerability is classified under CWE-354, which typically relates to improper resource control or race conditions that can be exploited to execute code. No specific affected versions are listed, indicating the issue may affect all versions of the device or software components. No patches or fixes have been published yet, and there are no known exploits in the wild. The components involved are part of the driver installation and ASN.1 parsing, which are critical for device operation and security. Exploitation could lead to system compromise, data theft, or disruption of services.

The impact of CVE-2024-51141 is significant for organizations using the TOTOLINK Bluetooth Wireless Adapter A600UB. Successful exploitation allows an attacker with local access to execute arbitrary code, potentially leading to full system compromise. This can result in unauthorized data access, modification, or destruction, as well as disruption of device functionality. Since the vulnerability affects driver and DLL components, it could undermine the security of the host system and any connected networks. The requirement for local access and user interaction limits remote exploitation but does not eliminate risk in environments where attackers can gain physical or logical local access, such as shared workstations, public kiosks, or compromised user accounts. The absence of patches increases the window of exposure. Organizations relying on this hardware for wireless connectivity may face increased risk of targeted attacks, insider threats, or lateral movement within networks.

To mitigate CVE-2024-51141, organizations should first restrict local access to systems using the TOTOLINK A600UB adapter, ensuring only trusted users can interact with these devices. Disable or uninstall the vulnerable WifiAutoInstallDriver.exe and related components if possible, or replace the adapter with a non-vulnerable alternative until patches are available. Monitor systems for unusual activity related to driver installation or DLL loading, and employ endpoint detection and response (EDR) tools to detect exploitation attempts. Educate users about the risks of interacting with unknown or untrusted software prompts, as user interaction is required for exploitation. Network segmentation can limit the impact of a compromised device. Regularly check for vendor updates or security advisories to apply patches promptly once released. Additionally, consider application whitelisting to prevent unauthorized execution of vulnerable components. Conduct thorough audits of devices and drivers in use to identify and remediate vulnerable hardware.