Lucene search

MitreCVE-2023-39617

HistoryAug 21, 2023 - 2:15 a.m.

CVE-2023-39617

2023-08-2102:15:09

CWE-77

mitre

web.nvd.nist.gov

cve-2023-39617

totolink

x5000r

remote code execution

lang parameter

setlanguagecfg

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.7%

JSON

TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.

Affected configurations

Nvd

Node

totolinkx5000rMatch-

AND

totolinkx5000r_firmwareMatch9.1.0cu.2089_b20211224

totolinkx5000r_firmwareMatch9.1.0cu.2350_b20230313

VendorProductVersionCPE
totolinkx5000r-cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*
totolinkx5000r_firmware9.1.0cu.2089_b20211224cpe:2.3:o:totolink:x5000r_firmware:9.1.0cu.2089_b20211224:*:*:*:*:*:*:*
totolinkx5000r_firmware9.1.0cu.2350_b20230313cpe:2.3:o:totolink:x5000r_firmware:9.1.0cu.2350_b20230313:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	x5000r	-	cpe:2.3:h:totolink:x5000r:-:::::::*
totolink	x5000r_firmware	9.1.0cu.2089_b20211224	cpe:2.3:o:totolink:x5000r_firmware:9.1.0cu.2089_b20211224:::::::*
totolink	x5000r_firmware	9.1.0cu.2350_b20230313	cpe:2.3:o:totolink:x5000r_firmware:9.1.0cu.2350_b20230313:::::::*

References

sedate-class-393.notion.site/TOTOlink-ee7eb0d4cd5d43e9983296200371eff1?pvs=4

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.7%

JSON

Related for CVE-2023-39617