Details of VAR-202312-0940

ID

VAR-202312-0940

CVE

CVE-2023-51034

TITLE

TOTOLINK of ex1200l Unrestricted Upload of Dangerous File Types Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-023761

DESCRIPTION

TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. TOTOLINK of ex1200l Firmware has an unrestricted upload of dangerous file types vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200L is a dual-band wireless signal amplifier, mainly used to expand the Wi-Fi coverage of home or office environments, and solve the problem of weak signals or dead spots. TOTOLINK EX1200L has a command execution vulnerability, which is caused by the UploadFirmwareFil function interface of cstecgi.cgi failing to properly filter special characters and commands in constructed commands

Trust: 2.16

sources: NVD: CVE-2023-51034 // JVNDB: JVNDB-2023-023761 // CNVD: CNVD-2025-15343

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15343

AFFECTED PRODUCTS

vendor:	totolink	model:	ex1200l	scope:	eq	version:	9.3.5u.6146_b20201023	Trust: 1.0
vendor:	totolink	model:	ex1200l	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	ex1200l	scope:	eq	version:	ex1200l firmware 9.3.5u.6146 b20201023	Trust: 0.8
vendor:	totolink	model:	ex1200l	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	ex1200l v9.3.5u.6146 b20201023	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-15343 // JVNDB: JVNDB-2023-023761 // NVD: CVE-2023-51034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-51034
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-51034
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-51034
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-15343
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-15343
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-51034
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-51034
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-51034
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-15343 // JVNDB: JVNDB-2023-023761 // NVD: CVE-2023-51034 // NVD: CVE-2023-51034

PROBLEMTYPE DATA

problemtype:	CWE-434	Trust: 1.0
problemtype:	Unlimited uploads of dangerous types of files (CWE-434) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-023761 // NVD: CVE-2023-51034

EXTERNAL IDS

db:	NVD	id:	CVE-2023-51034	Trust: 3.2
db:	JVNDB	id:	JVNDB-2023-023761	Trust: 0.8
db:	CNVD	id:	CNVD-2025-15343	Trust: 0.6

sources: CNVD: CNVD-2025-15343 // JVNDB: JVNDB-2023-023761 // NVD: CVE-2023-51034

REFERENCES

url:	https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200l_uploadfirmwarefile/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2023-51034	Trust: 0.8

sources: CNVD: CNVD-2025-15343 // JVNDB: JVNDB-2023-023761 // NVD: CVE-2023-51034

SOURCES

db:	CNVD	id:	CNVD-2025-15343
db:	JVNDB	id:	JVNDB-2023-023761
db:	NVD	id:	CVE-2023-51034

LAST UPDATE DATE

2025-07-10T23:01:15.930000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15343	date:	2025-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2023-023761	date:	2024-01-29T07:21:00
db:	NVD	id:	CVE-2023-51034	date:	2024-09-09T21:35:08.283

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15343	date:	2025-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2023-023761	date:	2024-01-29T00:00:00
db:	NVD	id:	CVE-2023-51034	date:	2023-12-22T19:15:09.877