CVE-2023-48800 Information
Dec 08, 2023
cve
Description
In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719 the shttpd file sub_417338 function obtains fields from the front-end connects them through the snprintf function and passes them to the CsteSystem function resulting in a command execution vulnerability.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.notion.so/X6000R-sub_417338-ad96548d06c645738daf3ab77575fd74?pvs=4 https://palm-jump-676.notion.site/CVE-2023-48800-ad96548d06c645738daf3ab77575fd74
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: