CVE-2023-31569

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000R version 9.1.0cu.2350 B20230313

Description The issue is related to a command injection vulnerability via the setWanCfg function. This vulnerability is associated with a lack of input data sanitization measures in the TOTOLINK X5000R router's firmware. Exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations For TOTOLINK X5000R version 9.1.0cu.2350 B20230313, consider disabling the setWanCfg function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.