Vulnerability Details : CVE-2023-4746
A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635.
Vulnerability category: Overflow
Products affected by CVE-2023-4746
- cpe:2.3:o:totolink:n200re-v5_firmware:9.3.5u.6437_b20230519:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4746
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4746
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
VulDB | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
VulDB | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
VulDB | 2024-01-09 |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2023-4746
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by:
- cna@vuldb.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-4746
-
https://vuldb.com/?id.238635
Third Party Advisory
-
https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80
Use format string bypass Totolink's Validity_check function, lead to remote OS command injection (CVE-2023-4746) ยท GitHubExploit;Third Party Advisory
-
https://vuldb.com/?ctiid.238635
CVE-2023-4746: TOTOLINK N200RE V5 Validity_check format stringPermissions Required
Jump to