PT-2023-30286 · Totolink · Totolink A3300R

Aurorahaaash

Publicado

2023-10-31

Atualizado

2024-09-06

CVE-2023-46993

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024

Description The issue arises when handling the setLedCfg request, where there is no verification for the enable parameter. This lack of verification can lead to command injection.

Recommendations For TOTOLINK A3300R version 17.0.0cu.557 B20221024, as a temporary workaround, consider disabling the setLedCfg request until a patch is available. Restrict access to the enable parameter in the setLedCfg request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

CVE-2023-46993

Produtos afetados

Totolink A3300R

PT-2023-30286 · Totolink · Totolink A3300R

CVE-2023-46993

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5