Lucene search
HistoryOct 25, 2023 - 6:17 p.m.
CVE-2023-46574
cve-2023-46574
totolink
remote code execution
filename parameter
uploadfirmwarefile function
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.433
Percentile
97.4%
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.
Affected configurations
Node
totolinka3700r_firmwareMatch9.1.2u.6165_20211012
totolinka3700rMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| totolink | a3700r_firmware | 9.1.2u.6165_20211012 | cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6165_20211012:*:*:*:*:*:*:* |
| totolink | a3700r | - | cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2023-10-25 18:17:00
nuclei
nuclei
TOTOLINK A3700R - Command Injection
2023-12-25 00:56:03
vulnrichment
vulnrichment
CVE-2023-46574
2023-10-24 00:00:00
cvelist
cvelist
CVE-2023-46574
2023-10-24 00:00:00
cve
cve
CVE-2023-46574
2023-10-25 18:17:39
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.433
Percentile
97.4%
Related for NVD:CVE-2023-46574