TOTOLINK EX1200L setDiagnosisCfg os command injection
CVE-2023-4410

9.8CRITICAL

Key Information:

Vendor
TOTOLINK
Status
EX1200L
Vendor
CVE Published:
18 August 2023

Summary

A vulnerability has been identified in the TOTOLINK EX1200L router, specifically in the function setDiagnosisCfg. This flaw permits attackers to execute arbitrary OS commands on the affected device. The vulnerability allows remote exploitation, meaning malicious actors can leverage this weakness over the internet without physical access. As details of this exploit are publicly available, it poses a significant risk to users who have not applied the necessary patches or updates.

Affected Version(s)

EX1200L EN_V9.3.5u.6146_B20201023

References

https://vuldb.com/?id.237513
vdb-entrytechnical-description
https://vuldb.com/?ctiid.237513
signaturepermissions-required
https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

dmknght (VulDB User)
.