CVE-2023-4746

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 4, 2023

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2023-4746 is a newly disclosed critical vulnerability that impacts the TOTOLINK N200RE V5 with firmware version 9.3.5u.6437_B20230519. The issue lies within the Validity_check function, resulting in a format string vulnerability. An attacker can remotely manipulate this vulnerability, leading to OS command injection by bypassing the validation checks. The root cause is a format string issue, and the impact includes potential unauthorized system control. The vulnerability identifier is VDB-238635, and public exploits for this vulnerability have already been disclosed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Knovos

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tSpNZY
https://www.cve.org/CVERecord?id=CVE-2023-4746
https://nvd.nist.gov/vuln/detail/CVE-2023-4746

Back to Vulnerability Database

CVE-2023-4746

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations