CVE-2023-51034

Name of the Vulnerable Software and Affected Versions TOTOlink EX1200L version 9.3.5u.6146 B20201023

Description The issue allows for arbitrary command execution via the "cstecgi.cgi" interface, specifically through the UploadFirmwareFile function. This can be exploited through the /cstecgi.cgi API endpoint, potentially allowing attackers to execute commands on the device.

Recommendations For TOTOlink EX1200L version 9.3.5u.6146 B20201023, consider disabling the UploadFirmwareFile function in the cstecgi.cgi interface as a temporary workaround until a patch is available. Restrict access to the /cstecgi.cgi API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.