CVE-2023-4746

Exploit

EPSS 0.29%
Veröffentlicht 04.09.2023 01:15:07
Zuletzt bearbeitet 21.11.2024 08:35:53
Quelle cna@vuldb.com
Teams Watchlist Login
Unerledigt Login

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Totolink ≫ N200re-v5 Firmware Version9.3.5u.6437_b20230519

Totolink ≫ N200re-v5 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.515

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.238635

Permissions Required

https://vuldb.com/?id.238635

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4746

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4746

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4746

EUVD