CVE-2023-46979

Summary

CVE-2023-46979 is a command injection vulnerability found in TOTOLINK X6000R V9.4.0cu.852_B20230719, specifically in the setLedCfg function through the enable parameter. This vulnerability affects the tUBjjX product. The base severity of this vulnerability is classified as CRITICAL, with a base score of 9.8 out of 10. It has a high impact on both integrity and confidentiality, and the availability is also impacted significantly. The exploitability score is 3.9 out of 10, indicating a moderate level of difficulty for attackers to exploit this vulnerability. The danger posed by this vulnerability to organizations is significant, as it allows remote attackers to execute arbitrary commands with elevated privileges on affected devices over the network. To remediate this vulnerability, it is recommended to apply any available patches or updates provided by TOTOLINK to fix the command injection issue in their X6000R V9.4.0cu.852_B20230719 firmware version. (Note: The summary provided above does not contain all the information mentioned in the original text, but includes relevant details about the vulnerability and its impact.)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.