Command Execution Vulnerability in TOTOLINK X6000R Router
CVE-2023-48812
9.8CRITICAL
What is CVE-2023-48812?
A command execution vulnerability exists in the TOTOLINK X6000R, specifically in the shttpd file's sub_4119A0 function. The vulnerability arises due to improper handling of user input, where fields obtained from the front-end via the Uci_Set_The_Str function can be exploited if passed to the CsteSystem function. This flaw can allow malicious actors to execute arbitrary commands, potentially compromising the security of the device and the network it operates on.