CVE-2023-39617

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Aug 21, 2023
Updated: Aug 25, 2023
CWE ID 77

Summary

CVE-2023-39617 affects TOTOLINK's X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 firmware versions. This vulnerability allows remote code execution (RCE) through the lang parameter in the setLanguageCfg function. An attacker can exploit this by sending crafted HTTP requests to the affected device, potentially gaining full control over it. Successful exploitation could lead to unauthorized access, data theft, or even device destruction. Users are advised to update their firmware to a non-vulnerable version as soon as possible to mitigate this risk.
