Unauthorized Command Execution Vulnerability in TOTOlink EX1800T Router
CVE-2023-51018

9.8CRITICAL

Key Information:

Vendor: TOTOlink
Status: Ex1800t Firmware
Vendor: CVE Published:; 22 December 2023

What is CVE-2023-51018?

The TOTOlink EX1800T router version v9.1.0cu.2112_B20220316 contains a significant vulnerability that allows unauthorized users to execute arbitrary commands through the 'opmode' parameter within the setWiFiApConfig interface of the cstecgi.cgi file. This potential security flaw could allow attackers to gain control over network settings and compromise the device's integrity, emphasizing the importance of immediate mitigation measures.

References

https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 22, 2023
Vulnerability Reserved
Dec 18, 2023