PT-2022-8676 · Optilink · Optilink Op-Xt71000N

·

CVE-2020-23583

·

Published

2022-11-23

·

Updated

2025-04-25

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OPTILINK OP-XT71000N version 2.2
Description The issue is related to Remote Code Execution. It occurs when an attacker sends arbitrary code to the "/diag ping admin.asp" API endpoint, specifically to the "PingTest" interface, leading to command execution. This allows an attacker to compromise the full system.
Recommendations For OPTILINK OP-XT71000N version 2.2, consider disabling access to the "/diag ping admin.asp" API endpoint until a patch is available. Restrict the use of the "PingTest" interface to minimize the risk of exploitation.

Exploit

Fix

RCE

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2020-23583

Affected Products

Optilink Op-Xt71000N