PT-2023-30720 · Totolink · Totolink A3700R

Published

2023-11-20

Updated

2023-11-29

CVE-2023-48192

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOTOlink A3700R version 9.1.2u.6134 B20201202

Description The issue allows a local attacker to execute arbitrary code via the setTracerouteCfg function. This enables the attacker to potentially gain control over the system, leading to unauthorized actions.

Recommendations For TOTOlink A3700R version 9.1.2u.6134 B20201202, as a temporary workaround, consider disabling the setTracerouteCfg function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2023-48192

Affected Products

Totolink A3700R

PT-2023-30720 · Totolink · Totolink A3700R

CVE-2023-48192

Weakness Enumeration

Related Identifiers

Affected Products

References · 6