Cyber Resilience

CVE-2023-29798

CriticalPublic PoCRCE

Published: 14 April 2023

Published
14 April 2023
Modified
06 February 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1490 94.7th percentile
Risk Priority 29 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-29798 is a critical-severity Command Injection (CWE-77) vulnerability in Totolink X18 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 5.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

TOTOLINK X18 firmware version V9.1.0cu.2024_B20220329 contains a command injection vulnerability in the setTracerouteCfg function, where the command parameter is processed without adequate sanitization. The flaw is tracked as CVE-2023-29798 and assigned CWE-77, with a CVSS 3.1 score of 9.8 reflecting network-accessible exploitation that requires no authentication or user interaction.

An unauthenticated attacker can supply a crafted command value over the network to the affected function, resulting in arbitrary command execution on the device. Successful exploitation grants the attacker full control over confidentiality, integrity, and availability of the router.

The EPSS score for this CVE reached a peak of 0.2264 after disclosure before settling at a current value of 0.1490, indicating a measurable increase in exploitation interest following public release. No vendor advisory or patch information is provided in the available references.

EU & UK References

Vulnerability details

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

totolink
x18 firmware
9.1.0cu.2024_b20220329

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References