var-202312-0062
Vulnerability from variot
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company.
TOTOLINK X6000R has a command execution vulnerability. The vulnerability stems from the failure of the IP parameter of the setDiagnosisCfg component to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-0062",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x6000r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "9.4.0cu.652_b20230116"
},
{
"model": "x6000r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "9.4.0cu.852_b20230719"
},
{
"model": "x6000r",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "x6000r firmware 9.4.0cu.852 b20230719"
},
{
"model": "x6000r",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "x6000r",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "x6000r firmware 9.4.0cu.652 b20230116"
},
{
"model": "x6000r",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "x6000r v9.4.0cu.852 b20230719",
"scope": null,
"trust": 0.6,
"vendor": "zeon",
"version": null
},
{
"model": "x6000r v9.4.0cu.652 b20230116",
"scope": null,
"trust": 0.6,
"vendor": "zeon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-99450"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018490"
},
{
"db": "NVD",
"id": "CVE-2023-43453"
}
]
},
"cve": "CVE-2023-43453",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-99450",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-43453",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-43453",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-43453",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-43453",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-99450",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-99450"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018490"
},
{
"db": "NVD",
"id": "CVE-2023-43453"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. \n\r\n\r\nTOTOLINK X6000R has a command execution vulnerability. The vulnerability stems from the failure of the IP parameter of the setDiagnosisCfg component to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-43453"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018490"
},
{
"db": "CNVD",
"id": "CNVD-2023-99450"
},
{
"db": "VULMON",
"id": "CVE-2023-43453"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-43453",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018490",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-99450",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-43453",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-99450"
},
{
"db": "VULMON",
"id": "CVE-2023-43453"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018490"
},
{
"db": "NVD",
"id": "CVE-2023-43453"
}
]
},
"id": "VAR-202312-0062",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-99450"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-99450"
}
]
},
"last_update_date": "2024-08-14T15:00:00.035000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK X6000R IP parameter command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/500436"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-99450"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-018490"
},
{
"db": "NVD",
"id": "CVE-2023-43453"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/tharsis1024/vuln/blob/main/totolink/x6000r/2.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-43453"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-99450"
},
{
"db": "VULMON",
"id": "CVE-2023-43453"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018490"
},
{
"db": "NVD",
"id": "CVE-2023-43453"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-99450"
},
{
"db": "VULMON",
"id": "CVE-2023-43453"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018490"
},
{
"db": "NVD",
"id": "CVE-2023-43453"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-99450"
},
{
"date": "2023-12-01T00:00:00",
"db": "VULMON",
"id": "CVE-2023-43453"
},
{
"date": "2024-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-018490"
},
{
"date": "2023-12-01T02:15:07.267000",
"db": "NVD",
"id": "CVE-2023-43453"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-99450"
},
{
"date": "2023-12-01T00:00:00",
"db": "VULMON",
"id": "CVE-2023-43453"
},
{
"date": "2024-01-11T06:11:00",
"db": "JVNDB",
"id": "JVNDB-2023-018490"
},
{
"date": "2023-12-06T18:37:21.057000",
"db": "NVD",
"id": "CVE-2023-43453"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0x6000r\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-018490"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…