CVE-2023-7223

🗓️ 09 Jan 2024 15:31:04Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 44 Views🌐 WEB

Vulnerability in Totolink T6 4.1.9cu.5241_B20210923 with improper access control

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the /cgi-bin/cstecgi.cgi file, a microprogramming system for the TOTOLink T6 mesh system, allows a perpetrator to increase their privileges.	12 Feb 202400:00	–	bdu_fstec
Circl	CVE-2023-7223	9 Jan 202417:27	–	circl
CNNVD	TOTOLINK T6 访问控制错误漏洞	9 Jan 202400:00	–	cnnvd
CNVD	TOTOLINK T6 Access Control Error Vulnerability	12 Jan 202400:00	–	cnvd
Cvelist	CVE-2023-7223 Totolink T6 cstecgi.cgi access control	9 Jan 202415:31	–	cvelist
EUVD	EUVD-2023-59404	3 Oct 202520:07	–	euvd
NVD	CVE-2023-7223	9 Jan 202416:15	–	nvd
Prion	Improper access control	9 Jan 202416:15	–	prion
Positive Technologies	PT-2024-1582 · Totolink · Totolink T6	9 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-7223	23 May 202505:23	–	redhatcve

NVD

Node

totolink t6_firmwareMatch4.1.9cu.5241_b20210923

AND

totolink t6Match-

[
  {
    "vendor": "Totolink",
    "product": "T6",
    "versions": [
      {
        "version": "4.1.9cu.5241_B20210923",
        "status": "affected"
      }
    ]
  }
]

Source	Link
drive	www.drive.google.com/file/d/1puSOo5XrzMrctw7EtrE7DnfssOOuhRTS/view
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
topicurl	query param	/cgi-bin/cstecgi.cgi	Improper access controls via manipulation of the topicurl argument on /cgi-bin/cstecgi.cgi, enabling remote exploitation.	CWE-284

17 Jun 2026 06:52Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15.3 - 6.5

CVSS 25

CVSS 35.3

EPSS0.00644

SSVC

CWE-284

cve-2023-7223 totolink t6 vulnerability improper access controls remote attack vdb-249867 nvd security disclosure