A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/OraclePi/repo/tree/main/totolink%20X5000R | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.247247 | Third Party Advisory |
https://vuldb.com/?id.247247 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VulDB
Published: 2023-12-08T15:31:04.669Z
Updated: 2023-12-09T06:54:32.625Z
Reserved: 2023-12-08T09:07:13.778Z
Link: CVE-2023-6612
JSON object: View
NVD Information
Status : Modified
Published: 2023-12-08T16:15:18.713
Modified: 2024-05-17T02:33:48.527
Link: CVE-2023-6612
JSON object: View
Redhat Information
No data.
CWE