Remote Code Execution Vulnerability in TOTOLINK X5000R Router
CVE-2023-39618

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: X5000r Firmware
Vendor: CVE Published:; 21 August 2023

Summary

A remote code execution vulnerability exists in the TOTOLINK X5000R router, specifically through the setTracerouteCfg interface. This weakness could allow an attacker to execute arbitrary commands on the device, potentially compromising the integrity and confidentiality of the network. Users are advised to immediately assess their exposure to this vulnerability and apply available patches or mitigations to secure their devices.

References

https://sedate-class-393.notion.site/TOTOlink-3567fd9f93d...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2023
Vulnerability Reserved
Aug 7, 2023