CVSS 3.1 Score 9.8 of 10 (high)


Published Oct 31, 2023
Updated: Nov 8, 2023


CVE-2023-46979 is a command injection vulnerability found in TOTOLINK X6000R V9.4.0cu.852_B20230719, specifically in the setLedCfg function through the enable parameter. This vulnerability affects the tUBjjX product. The base severity of this vulnerability is classified as CRITICAL, with a base score of 9.8 out of 10. It has a high impact on both integrity and confidentiality, and the availability is also impacted significantly. The exploitability score is 3.9 out of 10, indicating a moderate level of difficulty for attackers to exploit this vulnerability. The danger posed by this vulnerability to organizations is significant, as it allows remote attackers to execute arbitrary commands with elevated privileges on affected devices over the network. To remediate this vulnerability, it is recommended to apply any available patches or updates provided by TOTOLINK to fix the command injection issue in their X6000R V9.4.0cu.852_B20230719 firmware version.

(Note: The summary provided above does not contain all the information mentioned in the original text, but includes relevant details about the vulnerability and its impact.)

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-46979 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options