CVE-2023-4746

Published: Sep 4, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635.

Affected (1)

Products: Totolink: N200re V5 Firmware

1 product

N200re V5 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N200re V5 Firmware	Version 9.3.5u.6437_b20230519

Running on/with	Platform Versions
Totolink N200re V5	All versions

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (6)

https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.238635

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?id.238635

Source: cna@vuldb.com

Third Party Advisory

https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?ctiid.238635

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://vuldb.com/?id.238635

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.