CVE-2023-4412

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
1.1%
top 21.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Ex1200lTotolink Ex1200l Firmware
Timeline
PublishedAug 18

Description

A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5totolink/ex1200lEN_V9.3.5u.6146_B20201023
NVDtotolink/ex1200l_firmware9.3.5u.6146_b20201023

🔴Vulnerability Details

2
CVEList
TOTOLINK EX1200L setWanCfg os command injection2023-08-18
GHSA
GHSA-3rxg-298f-hp3q: A vulnerability was found in TOTOLINK EX1200L EN_V92023-08-18
CVE-2023-4412 (CRITICAL CVSS 9.8) | A vulnerability was found in TOTOLI | cvebase.io