CVE-2023-39617
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-39617 affects TOTOLINK's X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 firmware versions. This vulnerability allows remote code execution (RCE) through the lang parameter in the setLanguageCfg function. An attacker can exploit this by sending crafted HTTP requests to the affected device, potentially gaining full control over it. Successful exploitation could lead to unauthorized access, data theft, or even device destruction. Users are advised to update their firmware to a non-vulnerable version as soon as possible to mitigate this risk.
Affected Vendors
- TOTOLINK