CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2023-52039

CVSS 9.8v3.1pub. 2024-01-24upd. 2025-05-30

An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.

πŸ€– AI Analysis
How it works

The vulnerability exists in the sub_415AA4 function of the router's firmware. An attacker can provide specially crafted input data that is not properly validated or filtered, resulting in their interpretation as system commands by the device. The attack requires no authentication, user interaction, or special network conditions, making it trivial to perform remotely.

Impact

An attacker can execute arbitrary operating system commands on the device with the privileges of the vulnerable function process, which in practice may lead to complete takeover of the router, violation of data confidentiality and integrity, and disruption of network service availability.

Mitigation & patch

Security patches available from the manufacturer should be applied according to the references. Until the update is applied, it is recommended to restrict access to the device management interface only to trusted IP addresses and disable remote management over the WAN network.

Who is affected

TOTOLINK X6000R with firmware version v9.4.0cu.852_B20230719

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink X6000r

    HW
    Totolink
    wszystkie wersje
  • Totolink X6000r Firmware

    OS
    Totolink
    9.4.0cu.852_b20230719
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-11005CRITICAL9.3PL βœ“ten sam produkt

OS Command Injection w TOTOLINK X6000R β€” zdalne wykonanie poleceΕ„

CVE-2025-52906CRITICAL9.3PL βœ“ten sam produkt

OS Command Injection w firmware routera TOTOLINK X6000R

CVE-2025-52053CRITICAL9.8PL βœ“ten sam produkt

Command injection w TOTOLINK X6000R – zdalne wykonanie kodu bez uwierzytelnienia

CVE-2024-52723CRITICAL9.8PL βœ“ten sam produkt

Command injection w TOTOLINK X6000R β€” zdalne wykonanie poleceΕ„ bez uwierzytelnienia

CVE-2023-52038CRITICAL9.8PL βœ“ten sam produkt

Command Injection w TOTOLINK X6000R β€” wykonanie dowolnych poleceΕ„

CVE-2023-52039 β€” Totolink β€” X6000R β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl