PT-2023-22422 · Totolink · Totolink X18
Published 2023-04-14 · Updated 2023-04-21 · CVE-2023-29801
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TOTOLINK X18 version 9.1.0cu.2024 B20220329
Description
TOTOLINK X18 firmware contains multiple command injection vulnerabilities. They can be exploited via the rtLogEnabled and rtLogServer parameters of the setSyslogCfg function.
Recommendations
For TOTOLINK X18 version 9.1.0cu.2024 B20220329, consider disabling the setSyslogCfg function until a patch is available, to prevent exploitation of the command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters.
Exploit
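The root cause class here (CWE-78) is user-controlled parameter values reaching a shell. The following is an added illustration, not code from the advisory or from TOTOLINK firmware, of how a setSyslogCfg-style handler can be hardened: strict allowlist validation of rtLogEnabled and rtLogServer, and an argv built for execv()-style spawning so the values never pass through /bin/sh. The daemon path and its flags are assumptions.

```c
/* Added example (not TOTOLINK code): input validation for a hypothetical
 * setSyslogCfg handler and construction of a shell-free argv. */
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* rtLogEnabled must be exactly "0" or "1"; anything else is rejected. */
bool valid_rt_log_enabled(const char *v) {
    return v != NULL && (strcmp(v, "0") == 0 || strcmp(v, "1") == 0);
}

/* rtLogServer: hostname or IPv4 literal, 1..253 chars, limited to
 * [A-Za-z0-9.-] with no leading/trailing '.' or '-'. The allowlist
 * rejects shell metacharacters (';', '|', '`', '$', '&', quotes, spaces). */
bool valid_rt_log_server(const char *v) {
    if (v == NULL) return false;
    size_t n = strlen(v);
    if (n == 0 || n > 253) return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return false;
    }
    if (v[0] == '.' || v[0] == '-' || v[n - 1] == '.' || v[n - 1] == '-')
        return false;
    return true;
}

/* Build argv for execv() instead of formatting a command line for
 * system(). Paths/flags are assumed (busybox-style "syslogd -R HOST").
 * Returns argc on success, -1 if either parameter fails validation. */
int build_syslog_argv(const char *enabled, const char *server,
                      const char *out[], int max_args) {
    if (max_args < 4) return -1;
    if (!valid_rt_log_enabled(enabled) || !valid_rt_log_server(server))
        return -1;
    int argc = 0;
    out[argc++] = "/sbin/syslogd";         /* assumed daemon path */
    if (strcmp(enabled, "1") == 0) {
        out[argc++] = "-R";                /* assumed "remote host" flag */
        out[argc++] = server;              /* validated, passed as one arg */
    }
    out[argc] = NULL;                      /* execv() requires NULL end */
    return argc;
}
```

Because each value becomes a single argv element and no shell is involved, a metacharacter in rtLogServer is rejected by validation and, even if it slipped through, would be treated as literal text by the daemon rather than as a command separator.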
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Totolink X18