Lucene search

MitreCVE-2023-48800

HistoryDec 04, 2023 - 1:15 p.m.

CVE-2023-48800

2023-12-0413:15:07

CWE-78

mitre

web.nvd.nist.gov

cve-2023-48800

totolink x6000r

firmware

vulnerability

command execution

shttpd

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.

Affected configurations

Nvd

Node

totolinkx6000r_firmwareMatch9.4.0cu.852_b20230719

AND

totolinkx6000rMatch-

VendorProductVersionCPE
totolinkx6000r_firmware9.4.0cu.852_b20230719cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*
totolinkx6000r-cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	x6000r_firmware	9.4.0cu.852_b20230719	cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:::::::*
totolink	x6000r	-	cpe:2.3:h:totolink:x6000r:-:::::::*

References

palm-jump-676.notion.site/CVE-2023-48800-ad96548d06c645738daf3ab77575fd74

www.notion.so/X6000R-sub_417338-ad96548d06c645738daf3ab77575fd74?pvs=4

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

Related for CVE-2023-48800