Incorrect Access Control Vulnerability in TOTOLINK A3300R Router
CVE-2023-46992

7.5HIGH

Key Information:

Vendor

Totolink
Status
A3300r Firmware
Vendor
CVE Published:
31 October 2023

What is CVE-2023-46992?

The TOTOLINK A3300R router version V17.0.0cu.557_B20221024 is exposed to an incorrect access control vulnerability. This flaw enables unauthorized attackers to reset several critical passwords by simply navigating to specific pages without requiring proper authentication, potentially compromising network security.

References

https://github.com/AuroraHaaash/vul_report/blob/main/TOTO...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.