CVE-2023-37145

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 7, 2023
Updated: Jul 12, 2023
CWE ID 77

Summary

CVE-2023-37145 is a newly disclosed vulnerability affecting the TOTOLINK LR350 V9.3.5u.6369_B20220309 firmware. This issue grants an attacker the ability to inject commands via the hostname parameter in the setOpModeCfg function, potentially leading to unauthorized system control. Successful exploitation of this vulnerability could result in significant damage, including unauthorized access or Denial of Service attacks. Users are strongly advised to update their firmware as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share