Remote Code Execution Vulnerability in TOTOLINK X6000R Router Software
CVE-2023-43454

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: X6000r Firmware
Vendor: CVE Published:; 1 December 2023

Summary

A vulnerability in certain versions of the TOTOLINK X6000R router allows remote attackers to execute arbitrary code through manipulation of the hostName parameter in the switchOpMode component. Successful exploitation could lead to unauthorized access and control over the affected device, potentially compromising network integrity and user data.

References

https://github.com/tharsis1024/vuln/blob/main/TOTOLINK/X6...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 1, 2023
Vulnerability Reserved
Sep 18, 2023