CVE-2023-52038
Published: 24 January 2024
Summary
CVE-2023-52038 is a critical-severity command injection (CWE-77) vulnerability in TOTOLINK X6000R firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 30.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
CVE-2023-52038 is a command injection vulnerability, tracked under CWE-77, that affects the TOTOLINK X6000R router running firmware version 9.4.0cu.852_B20230719. The flaw resides in the sub_415C80 function and permits unauthenticated attackers to execute arbitrary operating-system commands. It received a CVSS 3.1 base score of 9.8, reflecting network-accessible exploitation with no required credentials or user interaction and full impact on confidentiality, integrity, and availability.
An attacker with network reachability to the device can supply crafted input that reaches sub_415C80, resulting in immediate command execution and complete device compromise. No authentication or special privileges are needed, enabling remote takeover of affected routers.
The EPSS score for this CVE rose materially from a low baseline near 0.0012 to a peak of 0.0727 on 2025-01-22 before receding, indicating that exploitation interest surfaced after public disclosure. Public references consist of a GitHub repository containing technical details of the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-56717
Vulnerability details
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.
- CWE(s): CWE-77 (Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
Command injection vulnerability (CVE-2023-52038) in TOTOLINK X6000R router firmware allows remote arbitrary command execution via a vulnerable function, enabling exploitation of a public-facing network device application.
Affected Assets
- TOTOLINK X6000R router, firmware version 9.4.0cu.852_B20230719
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.