PT-2023-30720 · Totolink · Totolink A3700R

Publicado

2023-11-20

Atualizado

2023-11-29

CVE-2023-48192

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOTOlink A3700R version 9.1.2u.6134 B20201202

Description The issue allows a local attacker to execute arbitrary code via the setTracerouteCfg function. This enables the attacker to potentially gain control over the system, leading to unauthorized actions.

Recommendations For TOTOlink A3700R version 9.1.2u.6134 B20201202, as a temporary workaround, consider disabling the setTracerouteCfg function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2023-48192

Produtos afetados

Totolink A3700R

PT-2023-30720 · Totolink · Totolink A3700R

CVE-2023-48192

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6