CVE-2023-4746

Name of the Vulnerable Software and Affected Versions TOTOLINK N200RE V5 version 9.3.5u.6437 B20230519

Description The issue is related to the Validity check() function in the TOTOLINK N200RE V5 router's firmware. It involves the use of uncontrolled format strings when processing the % symbol, which can lead to format string vulnerabilities. This can be exploited remotely, allowing an attacker to execute arbitrary commands. The root cause is a format string issue that enables OS command injection by bypassing validation.

Recommendations For TOTOLINK N200RE V5 version 9.3.5u.6437 B20230519, as a temporary workaround, consider disabling the Validity check() function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the % symbol in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.