CVE-2023-51028

CRITICAL

TOTOLINK EX1800T <9.1.0cu.2112_B20220316 - Command Injection

Title source: llm

Description

TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://815yang.github.io/2023/12/11/EX1800T/2/3/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setWiFiExtenderConfig-apcliChannel/

Scores

CVSS v3 9.8

EPSS 0.0031

EPSS Percentile 54.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

totolink/ex1800t_firmware 9.1.0cu.2112_b20220316

Published Dec 22, 2023

Tracked Since Feb 18, 2026