CVE-2023-48801

Name of the Vulnerable Software and Affected Versions TOTOLINK X6000R Firmware version V9.4.0cu.852 B20230719

Description The issue arises from the shttpd file's sub 415534 function, which obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution issue.

Recommendations For TOTOLINK X6000R Firmware version V9.4.0cu.852 B20230719, consider disabling the sub 415534 function in the shttpd file as a temporary workaround until a patch is available. Restrict access to the CsteSystem function to minimize the risk of exploitation. Avoid using the snprintf function to connect fields from the front-end until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.