CVE-2023-6612

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
11.3%
top 6.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink X5000rTotolink X5000r Firmware
Timeline
PublishedDec 8

Description

A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFi

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages2 packages

CVEListV5totolink/x5000r9.1.0cu.2300_B20230112
NVDtotolink/x5000r_firmware9.1.0cu.2300_b20230112

🔴Vulnerability Details

2
GHSA
GHSA-5vwh-r25c-w3q7: A vulnerability was found in Totolink X5000R 92023-12-08
CVEList
Totolink X5000R cstecgi.cgi setWizardCfg os command injection2023-12-08
CVE-2023-6612 (CRITICAL CVSS 9.8) | A vulnerability was found in Totoli | cvebase.io