TOTOLINK N200RE V5 Validity_check format string
CVE-2023-4746

8.8HIGH

Key Information:

Vendor
TOTOLINK
Status
N200RE V5
Vendor
CVE Published:
4 September 2023

Summary

A security vulnerability has been identified in the TOTOLINK N200RE V5 router, specifically in the Validity_check function. This flaw allows attackers to manipulate format strings, which can lead to OS command injection when they bypass the necessary validation. Remote attackers can exploit this vulnerability, making it critical to patch and secure affected devices promptly. This exploit has been publicly disclosed, raising concerns over potential attacks.

Affected Version(s)

N200RE V5 9.3.5u.6437_B20230519

References

https://vuldb.com/?id.238635
vdb-entrytechnical-description
https://vuldb.com/?ctiid.238635
signaturepermissions-required
https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dmknght (VulDB User)
.