CVE-2023-48810: OS Command Injection
First published: Thu Nov 30 2023(Updated: )
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Totolink X6000r Firmware | =9.4.0cu.852_b20230719 | |
| TOTOlink X6000R |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-48810.
What is the severity of CVE-2023-48810?
CVE-2023-48810 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2023-48810?
TOTOLINK X6000R V9.4.0cu.852_B20230719 firmware is affected by CVE-2023-48810.
How does CVE-2023-48810 create a command execution vulnerability?
CVE-2023-48810 creates a command execution vulnerability by obtaining fields from the front-end and passing them to the CsteSystem function.
Is TOTOLINK X6000R vulnerable to CVE-2023-48810?
Yes, TOTOLINK X6000R V9.4.0cu.852_B20230719 firmware is vulnerable to CVE-2023-48810.
- collector/nvd-api
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/totolink
- canonical/totolink x6000r firmware
- version/totolink x6000r firmware/9.4.0cu.852_b20230719
- canonical/totolink x6000r