A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8 | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.237514 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.237514 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
23 Aug 2023, 17:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Totolink
Totolink ex1200l Totolink ex1200l Firmware |
|
CPE | cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:* cpe:2.3:h:totolink:ex1200l:-:*:*:*:*:*:*:* |
|
References | (MISC) https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8 - Exploit, Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.237514 - Permissions Required, Third Party Advisory, VDB Entry | |
References | (MISC) https://vuldb.com/?id.237514 - Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
18 Aug 2023, 15:06
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-18 14:15
Updated : 2024-05-17 02:31
NVD link : CVE-2023-4411
Mitre link : CVE-2023-4411
CVE.ORG link : CVE-2023-4411
JSON object : View
Products Affected
totolink
- ex1200l_firmware
- ex1200l
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')