Lucene search

MitreCVE-2023-46485

HistoryOct 31, 2023 - 9:15 p.m.

CVE-2023-46485

2023-10-3121:15:08

CWE-77

mitre

web.nvd.nist.gov

totolink

x6000r

v9.4.0cu.852_b20230719

cve-2023-46485

remote attacker

arbitrary code

stecgi.cgi

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.008

Percentile

82.3%

JSON

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.

Affected configurations

Nvd

Node

totolinkx6000r_firmwareMatch9.4.0cu.852_b20230719

AND

totolinkx6000rMatch-

VendorProductVersionCPE
totolinkx6000r_firmware9.4.0cu.852_b20230719cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*
totolinkx6000r-cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	x6000r_firmware	9.4.0cu.852_b20230719	cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:::::::*
totolink	x6000r	-	cpe:2.3:h:totolink:x6000r:-:::::::*

References

815yang.github.io/2023/10/29/x6000r/TOTOlink%20X6000R%20V9.1.0cu.2350_B20230313-rsetTracerouteCfg/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.008

Percentile

82.3%

JSON

Related for CVE-2023-46485