Command Injection in TOTOLINK X5000R Router
CVE-2023-31569

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: X5000r Firmware
Vendor: CVE Published:; 6 June 2023

Summary

The TOTOLINK X5000R router version V9.1.0cu.2350_B20230313 is vulnerable to a command injection attack through the setWanCfg function. This vulnerability allows attackers to execute arbitrary commands on the system, potentially compromising the security and integrity of the affected device and any connected network. Users are advised to update their firmware and apply necessary security measures to mitigate risks associated with this vulnerability.

References

http://totolink.com

https://github.com/JeeseenSec/Report/tree/main/TOTOLINK%2...

https://www.totolink.net/home/menu/newstpl/menu_newstpl/p...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2023
Vulnerability Reserved
Apr 29, 2023

Collectors

NVD DatabaseMitre Database