CVE-2023-4746

Exploit

EPSS 0.29%
Published 04.09.2023 01:15:07
Last modified 21.11.2024 08:35:53
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Totolink ≫ N200re-v5 Firmware Version9.3.5u.6437_b20230519

Totolink ≫ N200re-v5 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.515

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.238635

Permissions Required

https://vuldb.com/?id.238635

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4746

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4746

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4746

EUVD