ID

VAR-202312-2012


CVE

CVE-2023-48859


TITLE

Fraudulent Authentication Vulnerability in TOTOLINK A3002RU Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-019111

DESCRIPTION

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, which allows attackers to bypass front-end security restrictions and execute arbitrary code. An incorrect authentication vulnerability exists in TOTOLINK A3002RU firmware. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2023-48859 // JVNDB: JVNDB-2023-019111

AFFECTED PRODUCTS

vendor: totolink, model: a3002ru, scope: eq, version: 2.0.0-b20190902.1958

Trust: 1.0

vendor: totolink, model: a3002ru, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3002ru, scope: eq, version: a3002ru firmware 2.0.0-b20190902.1958

Trust: 0.8

vendor: totolink, model: a3002ru, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-019111 // NVD: CVE-2023-48859

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-48859
value: HIGH

Trust: 1.0

NVD: CVE-2023-48859
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-48859
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-48859
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-019111 // NVD: CVE-2023-48859

PROBLEMTYPE DATA

problemtype: CWE-863

Trust: 1.0

problemtype: Illegal authentication (CWE-863) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-019111 // NVD: CVE-2023-48859

EXTERNAL IDS

db: NVD, id: CVE-2023-48859

Trust: 2.6

db: JVNDB, id: JVNDB-2023-019111

Trust: 0.8

sources: JVNDB: JVNDB-2023-019111 // NVD: CVE-2023-48859

REFERENCES

url: https://github.com/xieqiang11/security_research/blob/main/totolink-a3002ru-rce.md

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-48859

Trust: 0.8

sources: JVNDB: JVNDB-2023-019111 // NVD: CVE-2023-48859

SOURCES

db: JVNDB, id: JVNDB-2023-019111
db: NVD, id: CVE-2023-48859

LAST UPDATE DATE

2024-08-14T14:54:23.822000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-019111, date: 2024-01-12T03:28:00
db: NVD, id: CVE-2023-48859, date: 2023-12-12T16:47:30.293

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-019111, date: 2024-01-12T00:00:00
db: NVD, id: CVE-2023-48859, date: 2023-12-06T15:15:06.967