CVE-2023-24159 in CA300-PoEinfo

Summary

by MITRE • 02/14/2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 10/19/2025

The vulnerability identified as CVE-2023-24159 affects TOTOLINK CA300-PoE V6.2c.884 devices and represents a critical command injection flaw within the web administration interface. This issue stems from improper input validation in the setPasswordCfg function where the admpass parameter fails to adequately sanitize user-supplied data before processing. The vulnerability resides in the device's firmware implementation and specifically impacts the administrative password configuration functionality, creating a pathway for remote attackers to execute arbitrary commands on the affected device.

The technical exploitation of this vulnerability occurs through manipulation of the admpass parameter within the setPasswordCfg function, which allows attackers to inject malicious commands that are subsequently executed with the privileges of the web server process. This command injection flaw falls under the CWE-77 category, specifically CWE-77: Improper Neutralization of Special Elements used in a Command, which is a well-documented weakness in software applications that process user input without proper sanitization. The vulnerability enables attackers to bypass authentication mechanisms and potentially gain full administrative control over the network device, as the injected commands execute with elevated privileges typically associated with system-level operations.

The operational impact of this vulnerability extends beyond simple privilege escalation, as it provides attackers with complete control over the affected network infrastructure. Once exploited, adversaries can modify network configurations, establish persistent backdoors, monitor network traffic, and potentially use the compromised device as a pivot point for attacking other systems within the network. This represents a significant threat to network security and can result in data breaches, service disruption, and unauthorized access to sensitive network resources. The vulnerability affects the device's ability to maintain secure administrative access and compromises the integrity of the entire network infrastructure.

Security mitigations for this vulnerability should include immediate firmware updates from TOTOLINK to address the command injection flaw in the setPasswordCfg function. Network administrators should implement strict network segmentation and access controls to limit exposure of administrative interfaces to trusted networks only. Additionally, monitoring for suspicious administrative activities and implementing intrusion detection systems can help identify potential exploitation attempts. Organizations should also consider disabling unnecessary administrative services and implementing multi-factor authentication for administrative access. The vulnerability aligns with ATT&CK technique T1059.001 for Command and Scripting Interpreter, where adversaries use legitimate system utilities to execute malicious commands. Regular security assessments and vulnerability scanning should be conducted to identify similar weaknesses in network infrastructure components. Given the severity of command injection vulnerabilities, immediate remediation is essential to prevent potential exploitation by threat actors who may be actively targeting this specific flaw in the wild.

Reservation

01/23/2023

Disclosure

02/14/2023

Moderation

accepted

CPE

ready

EPSS

0.01920

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!