Lucene search

[email protected]NVD:CVE-2023-36953

HistoryOct 16, 2023 - 6:15 a.m.

CVE-2023-36953

2023-10-1606:15:10

CWE-77

[email protected]

web.nvd.nist.gov

totolink cp300+ vulnerability

command injection

cve-2023-36953

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.818

Percentile

98.5%

JSON

TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.

Affected configurations

Nvd

Node

totolinkcp300\+_firmwareMatch5.2cu.7594_b20200910

AND

totolinkcp300\+Match-

VendorProductVersionCPE
totolinkcp300\+_firmware5.2cu.7594_b20200910cpe:2.3:o:totolink:cp300\+_firmware:5.2cu.7594_b20200910:*:*:*:*:*:*:*
totolinkcp300\+-cpe:2.3:h:totolink:cp300\+:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	cp300\+_firmware	5.2cu.7594_b20200910	cpe:2.3:o:totolink:cp300\+_firmware:5.2cu.7594_b20200910:::::::*
totolink	cp300\+	-	cpe:2.3:h:totolink:cp300\+:-:::::::*

References

github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_2.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.818

Percentile

98.5%

JSON

Related for NVD:CVE-2023-36953

cvelist1 vulnrichment1 prion1 cve1