Details of VAR-202310-1550

ID

VAR-202310-1550

CVE

CVE-2023-46992

TITLE

TOTOLINK of a3300r Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-015864

DESCRIPTION

TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. TOTOLINK of a3300r There are unspecified vulnerabilities in the firmware.Information may be tampered with. TOTOLINK A3300R is a wireless router made by China Zeon Electronics (TOTOLINK) Company

Trust: 2.25

sources: NVD: CVE-2023-46992 // JVNDB: JVNDB-2023-015864 // CNVD: CNVD-2023-99330 // VULMON: CVE-2023-46992

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-99330

AFFECTED PRODUCTS

vendor:	totolink	model:	a3300r	scope:	eq	version:	17.0.0cu.557_b20221024	Trust: 1.0
vendor:	totolink	model:	a3300r	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3300r	scope:	eq	version:	a3300r firmware 17.0.0cu.557 b20221024	Trust: 0.8
vendor:	totolink	model:	a3300r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a3300r v17.0.0cu.557 b20221024	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-99330 // JVNDB: JVNDB-2023-015864 // NVD: CVE-2023-46992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-46992
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-46992
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-46992
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2023-99330
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-99330
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-46992
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2023-46992
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-99330 // JVNDB: JVNDB-2023-015864 // NVD: CVE-2023-46992 // NVD: CVE-2023-46992

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-863	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-015864 // NVD: CVE-2023-46992

EXTERNAL IDS

db:	NVD	id:	CVE-2023-46992	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-015864	Trust: 0.8
db:	CNVD	id:	CNVD-2023-99330	Trust: 0.6
db:	VULMON	id:	CVE-2023-46992	Trust: 0.1

sources: CNVD: CNVD-2023-99330 // VULMON: CVE-2023-46992 // JVNDB: JVNDB-2023-015864 // NVD: CVE-2023-46992

REFERENCES

url:	https://github.com/aurorahaaash/vul_report/blob/main/totolink%20a3300r/readme.md	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-46992	Trust: 1.4
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-99330 // VULMON: CVE-2023-46992 // JVNDB: JVNDB-2023-015864 // NVD: CVE-2023-46992

SOURCES

db:	CNVD	id:	CNVD-2023-99330
db:	VULMON	id:	CVE-2023-46992
db:	JVNDB	id:	JVNDB-2023-015864
db:	NVD	id:	CVE-2023-46992

LAST UPDATE DATE

2024-10-29T23:41:43.798000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-99330	date:	2023-12-21T00:00:00
db:	VULMON	id:	CVE-2023-46992	date:	2023-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2023-015864	date:	2023-12-28T05:00:00
db:	NVD	id:	CVE-2023-46992	date:	2024-10-28T19:35:10.917

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-99330	date:	2023-12-13T00:00:00
db:	VULMON	id:	CVE-2023-46992	date:	2023-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2023-015864	date:	2023-12-28T00:00:00
db:	NVD	id:	CVE-2023-46992	date:	2023-10-31T15:15:09.787