CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2023-48811
https://notcve.org/view.php?id=CVE-2023-48811
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. En TOTOLINK X6000R V9.4.0cu.852_B20230719, el archivo shttpd, la función sub_4119A0 obtiene campos del front-end a través de Uci_ Set_ The Str que, cuando se pasa a la función CsteSystem, crea una vulnerabilidad de ejecución de comandos. • https://www.notion.so/X6000R-sub_4119A0-8-2332305e3d8044c09f093404a8ae59f4?pvs=4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2023-48802
https://notcve.org/view.php?id=CVE-2023-48802
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. En TOTOLINK X6000R V9.4.0cu.852_B20230719, el archivo shttpd, la función sub_4119A0 obtiene campos del front-end a través de Uci_ Set_. La función Str cuando se pasa a la función CsteSystem crea una vulnerabilidad de ejecución de comandos. • https://www.notion.so/X6000R-sub_4119A0-6-9541a9b3387a40de856a1cad692ba8d4?pvs=4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2023-48803
https://notcve.org/view.php?id=CVE-2023-48803
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. En TOTOLINK X6000R V9.4.0cu.852_B20230719, el archivo shttpd, la función sub_4119A0 obtiene campos del front-end a través de Uci_ Set_. La función Str cuando se pasa a la función CsteSystem crea una vulnerabilidad de ejecución de comandos. • https://www.notion.so/X6000R-sub_4119A0-4-aead0a851416422ea2e282409eec3351?pvs=4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46485
https://notcve.org/view.php?id=CVE-2023-46485
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. Un problema en TOTOlink X6000R V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar código arbitrario a través de la función setTracerouteCfg del componente stecgi.cgi. • https://815yang.github.io/2023/10/29/x6000r/TOTOlink%20X6000R%20V9.1.0cu.2350_B20230313-rsetTracerouteCfg • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46484
https://notcve.org/view.php?id=CVE-2023-46484
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. Un problema en TOTOlink X6000R V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar código arbitrario a través de la función setLedCfg. • https://815yang.github.io/2023/10/29/x6000r/setLedCfg/TOTOlink%20X6000R%20setLedCfg%20e • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •