CVE-2023-50651
Severity: CRITICAL
WAF Coverage: High
CVSS 9.8
Published: 2023-12-30
CWE-78
TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| totolink | x6000r_firmware | 9.4.0cu.852_b20230719 |
References
- totolink.com (Not Applicable)
- palm-jump-676.notion.site (Exploit, Third Party Advisory)