CVE-2023-4412

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 18, 2023

Updated: May 17, 2024

CWE ID 732

Summary

CVE-2023-4412 is a newly disclosed critical vulnerability affecting the TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 firmware. The issue lies in the setWanCfg function, which is susceptible to os command injection. An attacker can exploit this vulnerability remotely, leading to significant security risks. The exploit for this vulnerability, identified as VDB-237515, has been made public, increasing the threat level. Despite early notification, the vendor has not responded to address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Spectrum Power 7

Affected Vendors

Siemens AG

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/syd2Wc
https://www.cve.org/CVERecord?id=CVE-2023-4412
https://nvd.nist.gov/vuln/detail/CVE-2023-4412

Back to Vulnerability Database