CVE-2023-4746

Status: Modified
Last modified: 17-05-2024
Published: 04-09-2023
CVSS3 Base Score: 8.8

SUMMARY CVE-2023-4746

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. It affects the function Validity_check. Manipulating the input to this function leads to a format string vulnerability, and the attack can be initiated remotely. The root cause is a format string issue, but the impact is a bypass of the validation, which in turn leads to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635.

Access CVSS3 CVE-2023-4746

Attack Complexity: LOW
Attack Vector: NETWORK
Privileges Required: LOW
Scope: UNCHANGED
User Interaction: NONE

Impact CVSS3 CVE-2023-4746

Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Details CVE-2023-4746

EPSS 0.00254
EPSS % 0.65517
References
CWE CWE-134
CAPEC
  • Format String Injection: An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting characters. For example, in certain functions of the C programming language such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.
  • String Format Overflow in syslog(): This attack targets applications and software that use the syslog() function insecurely. If an application does not explicitly use a format string parameter in a call to syslog(), user input can be placed in the format string parameter, leading to a format string injection attack. Adversaries can then inject malicious format string commands into the function call, leading to a buffer overflow. There are many reported software vulnerabilities with the root cause being a misuse of the syslog() function.
Vulnerable Configurations
  • cpe:2.3:o:totolink:n200re-v5_firmware:9.3.5u.6437_b20230519:*:*:*:*:*:*:*
  • cpe:2.3:h:totolink:n200re-v5:-:*:*:*:*:*:*:*
CVSS3 Source nvd@nist.gov
CVSS3 Type Primary
CVSS3 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


CVE Data Powered by AKAOMA CyberSecurity