CVE-2023-52040
Published: 24 January 2024
Summary
CVE-2023-52040 is a critical-severity Command Injection (CWE-77) vulnerability in Totolink X6000R Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008). The CVE is ranked at the 28.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-52040 is a command injection vulnerability affecting the TOTOLINK X6000R wireless router running firmware version v9.4.0cu.852_B20230719. The flaw resides in the sub_41284C function and is tracked under CWE-77; it enables unauthenticated remote attackers to supply crafted input that results in arbitrary operating system command execution. It received a CVSS 3.1 base score of 9.8, reflecting a network attack vector, low attack complexity, and no required privileges or user interaction.
An attacker with network access to the device can directly invoke the vulnerable function to execute arbitrary commands. Successful exploitation grants complete control over the router, allowing modification of configuration, interception of traffic, installation of persistent malware, or use of the device as a pivot point into attached networks.
The EPSS score for this CVE remained low immediately after disclosure but rose materially to a peak of 0.0727 on 2025-01-22 before receding to its current value of 0.0010, indicating a period of increased exploitation interest roughly one year after publication. Public references consist of technical write-ups hosted on GitHub that demonstrate the issue but contain no vendor advisory or patch information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-56719
Vulnerability details
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2023-52040 allows remote arbitrary command execution on the TOTOLINK X6000R router via a vulnerable function, enabling exploitation of public-facing applications (T1190), exploitation of remote services (T1210), and command/script execution on network device CLI (T1059.008).
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.