Command Injection Vulnerability in TOTOLINK X18 Product
CVE-2023-29803
9.8CRITICAL
What is CVE-2023-29803?
The TOTOLINK X18 model, specifically version 9.1.0cu.2024_B20220329, is exposed to a command injection vulnerability. This vulnerability occurs through improper handling of the 'pid' parameter within the 'disconnectVPN' function, which can allow an attacker to execute arbitrary commands on the system. Users are advised to update their firmware to prevent exploitation.