CVE-2023-43454

Name of the Vulnerable Software and Affected Versions TOTOLINK X6000R versions V9.4.0cu.652 B20230116 through V9.4.0cu.852 B20230719

Description The issue allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.

Recommendations For versions V9.4.0cu.652 B20230116 through V9.4.0cu.852 B20230719, consider restricting access to the switchOpMode component to minimize the risk of exploitation. As a temporary workaround, avoid using the hostName parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.