Remote Command Execution Vulnerability in TOTOLINK X6000R Router
CVE-2023-50651

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: X6000r Firmware
Vendor: CVE Published:; 30 December 2023

Summary

The TOTOLINK X6000R router version v9.4.0cu.852_B20230719 contains a remote command execution vulnerability that could allow unauthorized attackers to execute arbitrary commands on the device through the /cgi-bin/cstecgi.cgi component. This flaw poses significant risks to network security, enabling potential misuse of network resources and access to sensitive data.

References

http://totolink.com

https://palm-jump-676.notion.site/X6000R-sub_4119A0-11-b3...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 30, 2023
Vulnerability Reserved
Dec 11, 2023