CVE-2023-51026

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOTOlink EX1800T version 9.1.0cu.2112 B20220316

Description The issue allows for unauthorized arbitrary command execution in the hour parameter of the setRebootScheCfg interface of the cstecgi .cgi. This could potentially lead to malicious actions being performed on the device.

Recommendations For TOTOlink EX1800T version 9.1.0cu.2112 B20220316, consider restricting access to the setRebootScheCfg interface of the cstecgi .cgi until a patch is available, and avoid using the hour parameter in this interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2023-51026

Affected Products

Totolink Ex1800T

CVE-2023-51026

Weakness Enumeration

Related Identifiers

Affected Products

References · 6