Remote Command Execution Vulnerability in TOTOlink EX1800T by TOTOlink
CVE-2023-52026

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: Ex1800t Firmware
Vendor: CVE Published:; 12 January 2024

Summary

The TOTOlink EX1800T model V9.1.0cu.2112_B20220316 is susceptible to a remote command execution vulnerability caused by improper handling of the telnet_enabled parameter located within the setTelnetCfg interface. This vulnerability could potentially allow an attacker to execute arbitrary commands on the affected device remotely, compromising the security and functionality of the network device. Addressing this issue is crucial for users of the TOTOlink EX1800T to maintain the integrity and security of their systems.

References

https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 12, 2024
Vulnerability Reserved
Dec 26, 2023

Collectors

NVD DatabaseMitre Database