PT-2024-1582 · Totolink · Totolink T6

Lin7Lic

Published: 2024-01-09 · Updated: 2024-05-17

CVE-2023-7223

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Totolink T6 version 4.1.9cu.5241 B20210923

Description: A vulnerability has been found in the Totolink T6 that affects an unknown part of the file /cgi-bin/cstecgi.cgi. Manipulating the topicurl argument with the input showSyslog leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This issue is related to insufficient access control in the mesh system's software.

Recommendations: For Totolink T6 version 4.1.9cu.5241 B20210923, as a temporary workaround, consider restricting access to the /cgi-bin/cstecgi.cgi file until a patch is available. Avoid using the topicurl argument with the input showSyslog in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
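As an added illustration that is not part of this advisory, the Python below flags requests to /cgi-bin/cstecgi.cgi carrying topicurl=showSyslog in a constructed access log, and applies the workaround above as a source-network allowlist for the endpoint. The JSON-body form of the parameter and the trusted-network list are assumptions, not facts stated on this page.

```python
import ipaddress
import json
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/cgi-bin/cstecgi.cgi"
FLAGGED_TOPIC = "showSyslog"
# Constructed sample log: METHOD TARGET BODY ("-" = no body); the JSON-body form on line 2 is an assumption.
SAMPLE_LOG = """\
GET /cgi-bin/cstecgi.cgi?topicurl=showSyslog -
POST /cgi-bin/cstecgi.cgi {"topicurl":"showSyslog"}
GET /cgi-bin/cstecgi.cgi?topicurl=getSysStatus -
GET /cgi-bin/cstecgi.cgi?topicurl=show%53yslog -
"""

def topicurl_of(method, target, body):
    """Return the topicurl value of a request to the vulnerable endpoint, or None."""
    parts = urlsplit(target)
    if unquote(parts.path) != ENDPOINT:
        return None
    query = parse_qs(parts.query)          # parse_qs percent-decodes values
    if "topicurl" in query:
        return query["topicurl"][0]
    if method == "POST" and body:
        try:
            data = json.loads(body)
        except ValueError:
            return None
        if isinstance(data, dict) and isinstance(data.get("topicurl"), str):
            return data["topicurl"]
    return None

def flag_requests(log_text):
    """Detection: list (line number, method) of requests that use topicurl=showSyslog."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split(" ", 2)
        if len(fields) != 3:
            continue
        method, target, body = fields
        if topicurl_of(method, target, None if body == "-" else body) == FLAGGED_TOPIC:
            hits.append((lineno, method))
    return hits

def allow_request(client_ip, target, trusted_networks):
    """Workaround: only addresses in trusted_networks (assumed management LAN) reach the endpoint."""
    if unquote(urlsplit(target).path) != ENDPOINT:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in trusted_networks)
```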

Exploit

Weakness Enumeration: Improper Access Control

Related Identifiers: BDU:2024-01144, CVE-2023-7223

Affected Products: Totolink T6