CVE-2023-52032
Published: 11 January 2024
Summary
CVE-2023-52032 is a critical-severity vulnerability, with an unspecified weakness type, in Totolink Ex1200T Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 5.0% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
TOTOlink EX1200T firmware version V4.1.2cu.5232_B20210713 contains a remote command execution vulnerability in the main function. The flaw received a CVSS 3.1 score of 9.8, reflecting network accessibility, low attack complexity, no required authentication or user interaction, and full impact on confidentiality, integrity, and availability.
An unauthenticated attacker with network access can invoke the affected function to execute arbitrary commands on the device. Successful exploitation grants complete control over the router, enabling actions such as configuration changes, traffic interception, or use of the device as an attack pivot.
Public references consist of researcher write-ups that demonstrate the issue through a download-related endpoint but contain no information on vendor patches, firmware updates, or recommended mitigations. The associated EPSS score of 0.1633 shows sustained moderate exploitation probability without a documented rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-56711
Vulnerability details
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.