Cyber Resilience

CVE-2023-52032

CriticalPublic PoC

Published: 11 January 2024

Published
11 January 2024
Modified
17 June 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1633 95.0th percentile
Risk Priority 29 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-52032 is a critical-severity an unspecified weakness vulnerability in Totolink Ex1200T Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 5.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

TOTOlink EX1200T firmware version V4.1.2cu.5232_B20210713 contains a remote command execution vulnerability in the main function. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible attack complexity that is low, no required authentication or user interaction, and full impact on confidentiality, integrity, and availability.

An unauthenticated attacker with network access can invoke the affected function to execute arbitrary commands on the device. Successful exploitation grants complete control over the router, enabling actions such as configuration changes, traffic interception, or use of the device as an attack pivot.

Public references consist of researcher write-ups that demonstrate the issue through a download-related endpoint but contain no information on vendor patches, firmware updates, or recommended mitigations. The associated EPSS score of 0.1633 shows sustained moderate exploitation probability without a documented rise after disclosure.

EU & UK References

Vulnerability details

TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

totolink
ex1200t firmware
4.1.2cu.5232_b20210713

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References