Lucene search

[email protected]CVE-2023-51035

HistoryDec 22, 2023 - 7:15 p.m.

CVE-2023-51035

2023-12-2219:15:09

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-51035

totolink

ex1200l

vulnerability

arbitrary command execution

cstecgi.cgi

ntpsyncwithhost

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.1%

JSON

TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.

Affected configurations

NVD

Node

totolinkex1200l_firmwareMatch9.3.5u.6146_b20201023

AND

totolinkex1200lMatch-

CPENameOperatorVersion
totolink:ex1200l_firmwaretotolink ex1200l firmwareeq9.3.5u.6146_b20201023

CPE	Name	Operator	Version
totolink:ex1200l_firmware	totolink ex1200l firmware	eq	9.3.5u.6146_b20201023

References

815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_NTPSyncWithHost/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.1%

JSON

Related for CVE-2023-51035

nvd1 cvelist1 prion1