CVE-2023-48802
https://notcve.org/view.php?id=CVE-2023-48802
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. En TOTOLINK X6000R V9.4.0cu.852_B20230719, el archivo shttpd, la función sub_4119A0 obtiene campos del front-end a través de Uci_ Set_. La función Str cuando se pasa a la función CsteSystem crea una vulnerabilidad de ejecución de comandos. • https://www.notion.so/X6000R-sub_4119A0-6-9541a9b3387a40de856a1cad692ba8d4?pvs=4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-48803
https://notcve.org/view.php?id=CVE-2023-48803
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. En TOTOLINK X6000R V9.4.0cu.852_B20230719, el archivo shttpd, la función sub_4119A0 obtiene campos del front-end a través de Uci_ Set_. La función Str cuando se pasa a la función CsteSystem crea una vulnerabilidad de ejecución de comandos. • https://www.notion.so/X6000R-sub_4119A0-4-aead0a851416422ea2e282409eec3351?pvs=4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-48192
https://notcve.org/view.php?id=CVE-2023-48192
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. Un problema en TOTOlink A3700R v.9.1.2u.6134_B20201202 permite a un atacante local ejecutar código arbitrario a través de la función setTracerouteCfg. • http://totolink.com https://github.com/zxsssd/TotoLink- https://www.totolink.net • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-46485
https://notcve.org/view.php?id=CVE-2023-46485
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. Un problema en TOTOlink X6000R V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar código arbitrario a través de la función setTracerouteCfg del componente stecgi.cgi. • https://815yang.github.io/2023/10/29/x6000r/TOTOlink%20X6000R%20V9.1.0cu.2350_B20230313-rsetTracerouteCfg • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-46484
https://notcve.org/view.php?id=CVE-2023-46484
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. Un problema en TOTOlink X6000R V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar código arbitrario a través de la función setLedCfg. • https://815yang.github.io/2023/10/29/x6000r/setLedCfg/TOTOlink%20X6000R%20setLedCfg%20e • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •