Sign-up

ID

VAR-202302-1569


CVE

CVE-2023-23064


TITLE

TOTOLINK  of  A720R  Fraudulent Authentication Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-004299

DESCRIPTION

TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. TOTOLINK of A720R An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high-speed network speeds and strong signal coverage

Trust: 2.25

sources: NVD: CVE-2023-23064 // JVNDB: JVNDB-2023-004299 // CNVD: CNVD-2025-29720 // VULMON: CVE-2023-23064

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-29720

AFFECTED PRODUCTS

vendor:totolinkmodel:a720rscope:eqversion:4.1.5cu.532_b20210610

Trust: 1.0

vendor:totolinkmodel:a720rscope: - version: -

Trust: 0.8

vendor:totolinkmodel:a720rscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:a720rscope:eqversion:a720r firmware 4.1.5cu.532 b20210610

Trust: 0.8

vendor:totolinkmodel:a720r 4.1.5cu.532 b20210610scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-29720 // JVNDB: JVNDB-2023-004299 // NVD: CVE-2023-23064

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23064
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-23064
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-23064
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-29720
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202302-1550
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2025-29720
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-23064
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-23064
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-29720 // CNNVD: CNNVD-202302-1550 // JVNDB: JVNDB-2023-004299 // NVD: CVE-2023-23064 // NVD: CVE-2023-23064

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:Illegal authentication (CWE-863) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004299 // NVD: CVE-2023-23064

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1550

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1550

PATCH

title: - url:https://github.com/Live-Hack-CVE/CVE-2023-23064

Trust: 0.1

sources: VULMON: CVE-2023-23064

EXTERNAL IDS

db:NVDid:CVE-2023-23064

Trust: 3.9

db:JVNDBid:JVNDB-2023-004299

Trust: 0.8

db:CNVDid:CNVD-2025-29720

Trust: 0.6

db:CNNVDid:CNNVD-202302-1550

Trust: 0.6

db:VULMONid:CVE-2023-23064

Trust: 0.1

sources: CNVD: CNVD-2025-29720 // VULMON: CVE-2023-23064 // CNNVD: CNNVD-202302-1550 // JVNDB: JVNDB-2023-004299 // NVD: CVE-2023-23064

REFERENCES

url:https://github.com/shellpei/totolink-unauthorized/blob/main/cve-2023-23064

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23064

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-23064/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2023-23064

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2025-29720 // VULMON: CVE-2023-23064 // CNNVD: CNNVD-202302-1550 // JVNDB: JVNDB-2023-004299 // NVD: CVE-2023-23064

SOURCES

db:CNVDid:CNVD-2025-29720
db:VULMONid:CVE-2023-23064
db:CNNVDid:CNNVD-202302-1550
db:JVNDBid:JVNDB-2023-004299
db:NVDid:CVE-2023-23064

LAST UPDATE DATE

2025-12-19T22:56:09.143000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-29720date:2025-12-03T00:00:00
db:VULMONid:CVE-2023-23064date:2023-02-21T00:00:00
db:CNNVDid:CNNVD-202302-1550date:2023-03-01T00:00:00
db:JVNDBid:JVNDB-2023-004299date:2023-10-27T06:40:00
db:NVDid:CVE-2023-23064date:2025-03-18T20:15:17.623

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-29720date:2025-12-02T00:00:00
db:VULMONid:CVE-2023-23064date:2023-02-17T00:00:00
db:CNNVDid:CNNVD-202302-1550date:2023-02-17T00:00:00
db:JVNDBid:JVNDB-2023-004299date:2023-10-27T00:00:00
db:NVDid:CVE-2023-23064date:2023-02-17T22:15:14.353