ID
VAR-202401-1377
CVE
CVE-2023-52031
TITLE
TOTOLINK A3700R UploadFirmwareFile method command injection vulnerability
Trust: 0.6
DESCRIPTION
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. TOTOLINK A3700R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. There is a command injection vulnerability in the TOTOLINK A3700R v9.1.2u.5822_B20200513 version. The vulnerability is caused by the UploadFirmwareFile method failing to correctly filter special characters, commands, etc. in the constructed command
Trust: 1.44
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | totolink | model: | a3700r | scope: | eq | version: | 9.1.2u.5822_b20200513 | Trust: 1.0 |
| vendor: | totolink | model: | a3700r v9.1.2u.5822 b20200513 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
PATCH
| title: | Patch for TOTOLINK A3700R UploadFirmwareFile method command injection vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/518071 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-52031 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2024-06228 | Trust: 0.6 |
REFERENCES
| url: | https://815yang.github.io/2023/12/04/a3700r/totolink%20a3700r_uploadfirmwarefile/ | Trust: 1.6 |
SOURCES
| db: | CNVD | id: | CNVD-2024-06228 |
| db: | NVD | id: | CVE-2023-52031 |
LAST UPDATE DATE
2024-08-14T15:10:22.478000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-06228 | date: | 2024-01-29T00:00:00 |
| db: | NVD | id: | CVE-2023-52031 | date: | 2024-01-17T18:24:45.007 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-06228 | date: | 2024-01-19T00:00:00 |
| db: | NVD | id: | CVE-2023-52031 | date: | 2024-01-11T09:15:47.437 |