CVE-2023-46978

Name of the Vulnerable Software and Affected Versions TOTOLINK X6000R version 9.4.0cu.852 B20230719

Description The issue concerns incorrect access control, allowing attackers to reset login and WIFI passwords without proper authentication.

Recommendations For TOTOLINK X6000R version 9.4.0cu.852 B20230719, consider restricting access to the password reset functionality until a fix is available. As a temporary workaround, changing the default login credentials and WIFI passwords to strong, unique ones may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.