CVE-2023-4410

CWE-78OS Command InjectionCWE-89SQL Injection4 documents4 sources
Severity
9.8CRITICAL
EPSS
1.1%
top 21.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Ex1200lTotolink Ex1200l Firmware
Timeline
PublishedAug 18

Description

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5totolink/ex1200lEN_V9.3.5u.6146_B20201023
NVDtotolink/ex1200l_firmware9.3.5u.6146_b20201023

🔴Vulnerability Details

3
GHSA
GHSA-mwj3-42r4-52rx: A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V92023-08-18
CVEList
TOTOLINK EX1200L setDiagnosisCfg os command injection2023-08-18
GHSA
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection2023-01-20
CVE-2023-4410 (CRITICAL CVSS 9.8) | A vulnerability | cvebase.io