CRITICAL🇵🇱 Wersja polska

CVE-2023-52040

CVSS 9.8v3.1pub. 2024-01-24upd. 2024-11-21

An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.

🤖 AI Analysis
How it works

The issue concerns the sub_41284C function in TOTOLINK X6000R firmware version 9.4.0cu.852_B20230719. This function does not properly validate input data, which allows injection and execution of arbitrary system commands (command injection). The attack does not require authentication, user interaction, or special privileges — network access to the device is sufficient.

Impact

An attacker can take full control of the device by executing arbitrary system commands with the privilege level of the process handling the vulnerable function, which may lead to breaches of confidentiality, integrity, and system availability.

Mitigation & patch

Security patches available from the manufacturer should be applied in accordance with the references. Until an update is available, it is recommended to restrict access to the device management panel exclusively from trusted networks and block Internet access using a firewall.

Who is affected

TOTOLINK X6000R Firmware version 9.4.0cu.852_B20230719

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink X6000r

    HW
    Totolink
    wszystkie wersje
  • Totolink X6000r Firmware

    OS
    Totolink
    9.4.0cu.852_b20230719
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-11005CRITICAL9.3PL ✓ten sam produkt

OS Command Injection w TOTOLINK X6000R — zdalne wykonanie poleceń

CVE-2025-52906CRITICAL9.3PL ✓ten sam produkt

OS Command Injection w firmware routera TOTOLINK X6000R

CVE-2025-52053CRITICAL9.8PL ✓ten sam produkt

Command injection w TOTOLINK X6000R – zdalne wykonanie kodu bez uwierzytelnienia

CVE-2024-52723CRITICAL9.8PL ✓ten sam produkt

Command injection w TOTOLINK X6000R — zdalne wykonanie poleceń bez uwierzytelnienia

CVE-2023-52038CRITICAL9.8PL ✓ten sam produkt

Command Injection w TOTOLINK X6000R — wykonanie dowolnych poleceń