CVE-2023-48192

HIGH

TOTOlink A3700R v.9.1.2u.6134_B20201202 - Remote Code Execution via setTracerouteCfg Function

Title source: llm
STIX 2.1

Description

An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.

References (3)

Core 3
Core References
Not Applicable
http://totolink.com
Not Applicable
https://www.totolink.net/

Scores

CVSS v3 7.8
EPSS 0.0008
EPSS Percentile 24.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
totolink/a3700r_firmware 9.1.2u.6134_b20201202
Published Nov 20, 2023
Tracked Since Feb 18, 2026