exploitDog

CVE-2023-24160

Опубликовано: 14 фев. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

Ссылки

https://github.com/iceyjchen/VulnerabilityProjectRecords/blob/main/setPasswordCfg_admuser/setPasswordCfg_admuser.md
Exploit
Third Party Advisory
https://github.com/iceyjchen/VulnerabilityProjectRecords/blob/main/setPasswordCfg_admuser/setPasswordCfg_admuser.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:totolink:ca300-poe_firmware:6.2c.884:*:*:*:*:*:*:*

cpe:2.3:h:totolink:ca300-poe:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01402

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

CWE-77

Связанные уязвимости

GHSA-hhv2-mgcf-2j9h

CVSS3: 9.8

github

почти 3 года назад

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

EPSS

Процентиль: 80%

0.01402

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

CWE-77