CVE-2023-29798 — Command Injection in X18 Firmware

CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

1.4%

top 19.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink X18 Firmware

Timeline

PublishedApr 14

Description

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtotolink/x18_firmware9.1.0cu.2024_b20220329

🔴Vulnerability Details

CVEList

CVE-2023-29798: TOTOLINK X18 V9↗2023-04-14

▶

GHSA

GHSA-7gcr-m3c2-5x75: TOTOLINK X18 V9↗2023-04-14

▶