CVE-2023-46574
CRITICAL EXPLOITED NUCLEITOTOLINK A3700R <9.1.2u.6165_20211012 - RCE
Title source: llmExploitation Summary
CVE-2023-46574 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.
Nuclei Templates (1)
TOTOLINK A3700R - Command Injection
CRITICALVERIFIEDby DhiyaneshDk
Shodan:
title:"Totolink" || http.title:"totolink"
FOFA:
title="totolink"
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md
Scores
CVSS v3
9.8
EPSS
0.6541
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2024-08-09
CWE
CWE-77
Status
published
Products (1)
totolink/a3700r_firmware
9.1.2u.6165_20211012
Published
Oct 25, 2023
Tracked Since
Feb 18, 2026