Arbitrary Code Execution Vulnerability in TOTOlink A3700R Router
CVE-2023-48192

7.8HIGH

Key Information:

Vendor: Totolink
Status: A3700r Firmware
Vendor: CVE Published:; 20 November 2023

What is CVE-2023-48192?

A vulnerability exists in TOTOlink A3700R routers that allows a local attacker to execute arbitrary code through the 'setTracerouteCfg' function. This may lead to unauthorized access and manipulation of device settings, posing significant risks to network security and user data integrity.

References

http://totolink.com

https://www.totolink.net/

https://github.com/zxsssd/TotoLink-

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2023
Vulnerability Reserved
Nov 13, 2023

Totolink

What is CVE-2023-48192?

References

CVSS V3.1

Timeline