Lucene search

[email protected]NVD:CVE-2023-52041

HistoryJan 16, 2024 - 7:15 p.m.

CVE-2023-52041

2024-01-1619:15:08

[email protected]

web.nvd.nist.gov

totolink x6000r

v9.4.0cu.852_b20230719

arbitrary code execution

shttpd program

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.046

Percentile

92.7%

JSON

An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.

Affected configurations

Nvd

Node

totolinkx6000rMatch-

AND

totolinkx6000r_firmwareMatch9.4.0cu.852_b20230719

VendorProductVersionCPE
totolinkx6000r-cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*
totolinkx6000r_firmware9.4.0cu.852_b20230719cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	x6000r	-	cpe:2.3:h:totolink:x6000r:-:::::::*
totolink	x6000r_firmware	9.4.0cu.852_b20230719	cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:::::::*

References

kee02p.github.io/2024/01/13/CVE-2023-52041/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.046

Percentile

92.7%

JSON

Related for NVD:CVE-2023-52041

cvelist1 cve1 prion1