ID

VAR-202312-1439


CVE

CVE-2023-51025


TITLE

TOTOLINK EX1800T setPasswordCfg interface command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-21657

DESCRIPTION

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the admuser parameter of the setPasswordCfg interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to execute arbitrary commands on the system

Trust: 1.44

sources: NVD: CVE-2023-51025 // CNVD: CNVD-2024-21657

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-21657

AFFECTED PRODUCTS

vendor:totolinkmodel:ex1800tscope:eqversion:9.1.0cu.2112_b20220316

Trust: 1.0

vendor:totolinkmodel:ex1800t v9.1.0cu.2112 b20220316scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2024-21657 // NVD: CVE-2023-51025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-51025
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-51025
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-21657
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-21657
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-51025
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-51025
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-21657 // NVD: CVE-2023-51025 // NVD: CVE-2023-51025

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2023-51025

EXTERNAL IDS

db:NVDid:CVE-2023-51025

Trust: 1.6

db:CNVDid:CNVD-2024-21657

Trust: 0.6

sources: CNVD: CNVD-2024-21657 // NVD: CVE-2023-51025

REFERENCES

url:https://815yang.github.io/2023/12/11/ex1800t/2/totolinkex1800t_v9.1.0cu.2112_b20220316setpasswordcfg-admuser/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2023-51025

Trust: 0.6

sources: CNVD: CNVD-2024-21657 // NVD: CVE-2023-51025

SOURCES

db:CNVDid:CNVD-2024-21657
db:NVDid:CVE-2023-51025

LAST UPDATE DATE

2024-09-12T23:31:18.923000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-21657date:2024-05-08T00:00:00
db:NVDid:CVE-2023-51025date:2024-09-12T13:35:20.590

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-21657date:2024-05-10T00:00:00
db:NVDid:CVE-2023-51025date:2023-12-22T18:15:07.860