CVE-2023-48800

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 4, 2023

Updated: Dec 7, 2023

CWE ID 78

Summary

CVE-2023-48800 is a newly disclosed vulnerability affecting the TOTOLINK X6000R firmware version V9.4.0cu.852_B20230719. The issue lies in the shttpd file, specifically the sub_417338 function. This function collects data from user input, formats it using the snprintf function, and subsequently passes it to the CsteSystem function. This sequence results in a command execution vulnerability, enabling an attacker to remotely execute arbitrary commands on affected devices.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Totolink X6000R Firmware

Affected Vendors

TOTOLINK

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tfEQ3U
https://www.cve.org/CVERecord?id=CVE-2023-48800
https://nvd.nist.gov/vuln/detail/CVE-2023-48800

Back to Vulnerability Database