5 matches found
CVE-2023-48804
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_The_Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability...
CVE-2023-48804
creationtimestamp| type| source
---|---|---
2023-12-21 15:11:31+00:00| seen| https://t.me/ctinow/157731...
CVE-2023-48804
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_The_Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability...
CVE-2023-48804
Affected product: TOTOLINK X6000R, version 9.4.0cu.852_B20230719. Component/trigger: shttpd, function sub_4119A0; unfiltered front-end fields passed to CsteSystem via Uci_Set_The_Str. Root cause: improper input handling enables command construction and execution when fields reach CsteSystem. Impa...
CVE-2023-48804
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_The_Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability...