CVE-2023-51033

Name of the Vulnerable Software and Affected Versions TOTOlink EX1200L version 9.3.5u.6146 B20201023

Description The issue allows for arbitrary command execution via the "cstecgi.cgi" interface, specifically through the setOpModeCfg function. This could potentially be exploited through the "/cstecgi.cgi" API endpoint, by manipulating the setOpModeCfg variable.

Recommendations For TOTOlink EX1200L version 9.3.5u.6146 B20201023, consider disabling access to the "cstecgi.cgi" interface until a patch is available, or restrict the use of the setOpModeCfg function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.