Lucene search

[email protected]NVD:CVE-2023-29802

HistoryApr 14, 2023 - 2:15 p.m.

CVE-2023-29802

2023-04-1414:15:11

CWE-77

[email protected]

web.nvd.nist.gov

totolink x18

v9.1.0cu.2024_b20220329

command injection

vulnerability

setdiagnosiscfg function

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.545

Percentile

97.7%

JSON

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

Affected configurations

Nvd

Node

totolinkx18_firmwareMatch9.1.0cu.2021_b20220326

totolinkx18_firmwareMatch9.1.0cu.2024_b20220329

AND

totolinkx18Match-

VendorProductVersionCPE
totolinkx18_firmware9.1.0cu.2021_b20220326cpe:2.3:o:totolink:x18_firmware:9.1.0cu.2021_b20220326:*:*:*:*:*:*:*
totolinkx18_firmware9.1.0cu.2024_b20220329cpe:2.3:o:totolink:x18_firmware:9.1.0cu.2024_b20220329:*:*:*:*:*:*:*
totolinkx18-cpe:2.3:h:totolink:x18:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	x18_firmware	9.1.0cu.2021_b20220326	cpe:2.3:o:totolink:x18_firmware:9.1.0cu.2021_b20220326:::::::*
totolink	x18_firmware	9.1.0cu.2024_b20220329	cpe:2.3:o:totolink:x18_firmware:9.1.0cu.2024_b20220329:::::::*
totolink	x18	-	cpe:2.3:h:totolink:x18:-:::::::*

References

sore-pail-31b.notion.site/Command-Injection-3-8eb94b608bcd48f8aa4e983d2d1c4526

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.545

Percentile

97.7%

JSON

Related for NVD:CVE-2023-29802

cve1 prion1 cvelist1