PT-2023-25805 · Totolink · Totolink Lr350
Dadong-G
·
Publicado
2023-07-07
·
Atualizado
2023-07-12
·
CVE-2023-37146
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TOTOLINK LR350 version 9.3.5u.6369 B20220309
Description
A command injection issue was discovered via the
FileName parameter in the UploadFirmwareFile function. This allows for potential exploitation.Recommendations
For TOTOLINK LR350 version 9.3.5u.6369 B20220309, consider restricting access to the
UploadFirmwareFile function until a patch is available. As a temporary workaround, avoid using the FileName parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Totolink Lr350