Lucene search

MitreCVE-2023-43141

HistorySep 25, 2023 - 4:15 p.m.

CVE-2023-43141

2023-09-2516:15:14

mitre

web.nvd.nist.gov

totolink

a3700r

n600r

vulnerability

incorrect access control

cve-2023-43141

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.01

Percentile

84.2%

JSON

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.

Affected configurations

Nvd

Node

totolinka3700rMatch-

AND

totolinka3700r_firmwareMatch9.1.2u.6134_b20201202

Node

totolinkn600rMatch-

AND

totolinkn600r_firmwareMatch4.3.0cu.7647_b20210106

VendorProductVersionCPE
totolinka3700r-cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*
totolinka3700r_firmware9.1.2u.6134_b20201202cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6134_b20201202:*:*:*:*:*:*:*
totolinkn600r-cpe:2.3:h:totolink:n600r:-:*:*:*:*:*:*:*
totolinkn600r_firmware4.3.0cu.7647_b20210106cpe:2.3:o:totolink:n600r_firmware:4.3.0cu.7647_b20210106:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	a3700r	-	cpe:2.3:h:totolink:a3700r:-:::::::*
totolink	a3700r_firmware	9.1.2u.6134_b20201202	cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6134_b20201202:::::::*
totolink	n600r	-	cpe:2.3:h:totolink:n600r:-:::::::*
totolink	n600r_firmware	4.3.0cu.7647_b20210106	cpe:2.3:o:totolink:n600r_firmware:4.3.0cu.7647_b20210106:::::::*

References

totolink.com

github.com/Blue-And-White/vul/blob/main/Iot/TOTOLINK/1/readme.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.01

Percentile

84.2%

JSON

Related for CVE-2023-43141