CVE-2023-29799

Name of the Vulnerable Software and Affected Versions TOTOLINK X18 version 9.1.0cu.2024 B20220329

Description The issue is related to a command injection vulnerability via the hostname parameter in the setOpModeCfg function. This vulnerability is associated with insufficient argument checking, allowing a remote attacker to execute arbitrary commands.

Recommendations For TOTOLINK X18 version 9.1.0cu.2024 B20220329, as a temporary workaround, consider disabling the setOpModeCfg function until a patch is available. Restrict access to the hostname parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.