id: CVE-2023-46574 info: name: TOTOLINK A3700R - Command Injection author: DhiyaneshDk severity: critical description: | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-46574 - https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md - https://github.com/Marco-zcl/POC - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/wy876/POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-46574 cwe-id: CWE-77 epss-score: 0.20185 epss-percentile: 0.96341 cpe: cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6165_20211012:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: totolink product: a3700r_firmware shodan-query: - title:"Totolink" - http.title:"totolink" fofa-query: title="totolink" google-query: intitle:"totolink" tags: cve,cve2023,totolink,router,iot,rce http: - method: GET path: - "{{BaseURL}}" matchers: - type: dsl internal: true dsl: - 'status_code == 200' - 'contains(body, "