Summaryinfo

A vulnerability classified as critical was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is the function sub_4119A0 of the file shttpd. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2023-48804. There is no exploit available. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Detailsinfo

A vulnerability classified as critical has been found in Totolink X6000R 9.4.0cu.852_B20230719. Affected is the function sub_4119A0 of the file shttpd. CWE is classifying the issue as CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.

The weakness was shared 12/01/2023. The advisory is shared for download at notion.so. This vulnerability is traded as CVE-2023-48804 since 11/20/2023. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1202.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• Totolink

Name

• X6000R

Version

• 9.4.0cu.852_B20230719

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion