Lucene search

[email protected]CVE-2023-43454

HistoryDec 01, 2023 - 2:15 a.m.

CVE-2023-43454

2023-12-0102:15:07

CWE-77

[email protected]

web.nvd.nist.gov

totolink x6000r

v9.4.0cu

remote code execution

hostname parameter

switchopmode

cve-2023-43454

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.

Affected configurations

NVD

Node

totolinkx6000r_firmwareMatch9.4.0cu.652_b20230116

totolinkx6000r_firmwareMatch9.4.0cu.852_b20230719

AND

totolinkx6000rMatch-

CPENameOperatorVersion
totolink:x6000r_firmwaretotolink x6000r firmwareeq9.4.0cu.652_b20230116
totolink:x6000r_firmwaretotolink x6000r firmwareeq9.4.0cu.852_b20230719

CPE	Name	Operator	Version
totolink:x6000r_firmware	totolink x6000r firmware	eq	9.4.0cu.652_b20230116
totolink:x6000r_firmware	totolink x6000r firmware	eq	9.4.0cu.852_b20230719

References

github.com/tharsis1024/vuln/blob/main/TOTOLINK/X6000R/1.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON

Related for CVE-2023-43454

cvelist1 prion1 nvd1