CVE-2023-4411

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
1.1%
top 21.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Ex1200lTotolink Ex1200l Firmware
Timeline
PublishedAug 18

Description

A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5totolink/ex1200lEN_V9.3.5u.6146_B20201023
NVDtotolink/ex1200l_firmware9.3.5u.6146_b20201023

🔴Vulnerability Details

2
CVEList
TOTOLINK EX1200L setTracerouteCfg os command injection2023-08-18
GHSA
GHSA-5g5r-9pxv-4v7g: A vulnerability has been found in TOTOLINK EX1200L EN_V92023-08-18
CVE-2023-4411 (CRITICAL CVSS 9.8) | A vulnerability has been found in T | cvebase.io