TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.
Published 2023-05-05 14:15:09
Updated 2023-09-21 18:15:12
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2023-30013

96.31%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2023-30013

  • TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.
    Disclosure Date: 2023-05-05
    First seen: 2023-10-08
    exploit/linux/http/totolink_unauth_rce_cve_2023_30013
    Multiple TOTOLINK network products contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. After exploitation, an attacker will have full access with the

CVSS scores for CVE-2023-30013

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST

CWE ids for CVE-2023-30013

References for CVE-2023-30013

Products affected by CVE-2023-30013

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!