CVE-2023-46485: Command Injection
First published: Tue Oct 31 2023(Updated: )
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Totolink X6000R AX3000 | =9.4.0cu.852_b20230719 | |
| Totolink X6000R AX3000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-46485.
What is the severity of CVE-2023-46485?
The severity of CVE-2023-46485 is critical with a severity value of 9.8.
What is the affected software for CVE-2023-46485?
The affected software for CVE-2023-46485 is Totolink X6000r Firmware version 9.4.0cu.852_b20230719.
How can a remote attacker exploit CVE-2023-46485?
A remote attacker can exploit CVE-2023-46485 by executing arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.
Is TOTOlink X6000R vulnerable to CVE-2023-46485?
No, TOTOlink X6000R is not vulnerable to CVE-2023-46485.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/totolink
- canonical/totolink x6000r ax3000
- version/totolink x6000r ax3000/9.4.0cu.852_b20230719