CVE-2023-29803

Name of the Vulnerable Software and Affected Versions TOTOLINK X18 version 9.1.0cu.2024 B20220329

Description The issue is related to a command injection vulnerability in the disconnectVPN function, specifically via the pid parameter. This vulnerability is due to insufficient argument checking, allowing a remote attacker to execute arbitrary commands.

Recommendations For TOTOLINK X18 version 9.1.0cu.2024 B20220329, as a temporary workaround, consider restricting access to the disconnectVPN function or the pid parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.