CVE-2023-48812 — Vulnetix

CVE-2023-48812 PUBLISHED CVSS 9.800000190734863 CRITICAL

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.

EPSS 0.35% · 57.6th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.35%

57.6th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
totolink	x6000r_firmware	9.4.0cu.852_b20230719

Timeline

Nov 30, 2023 CVE Published
Dec 1, 2023 EPSS Score
Dec 31, 2023 EPSS Score
Jan 29, 2024 EPSS Score
Mar 28, 2024 EPSS Score
Apr 27, 2024 EPSS Score
May 27, 2024 EPSS Score
Jun 25, 2024 EPSS Score
Jul 25, 2024 EPSS Score
Sep 22, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 19, 2024 EPSS Score

References

https://www.notion.so/X6000R-sub_4119A0-10-82467d98d07c45a59ec3729ec712cb57?pvs=4 url
https://nvd.nist.gov/vuln/detail/CVE-2023-48812 advisory

Open in Interactive Console →