Details of VAR-202312-1109

ID

VAR-202312-1109

CVE

CVE-2023-51015

TITLE

TOTOLINK of ex1800t Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-023775

DESCRIPTION

TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi. TOTOLINK of ex1800t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX1800T is a Wi-Fi range extender released by China's TOTOLINK Electronics. It supports Wi-Fi 6 technology and enhances signal coverage by wirelessly connecting to a router. It is suitable for home and small office environments. The vulnerability is caused by the enable parameter of the setDmzCfg interface in cstecgi.cgi, which allows an attacker to execute unauthorized arbitrary commands

Trust: 2.16

sources: NVD: CVE-2023-51015 // JVNDB: JVNDB-2023-023775 // CNVD: CNVD-2025-17857

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17857

AFFECTED PRODUCTS

vendor:	totolink	model:	ex1800t	scope:	eq	version:	9.1.0cu.2112_b20220316	Trust: 1.0
vendor:	totolink	model:	ex1800t	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	ex1800t	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	ex1800t	scope:	eq	version:	ex1800t firmware 9.1.0cu.2112 b20220316	Trust: 0.8
vendor:	totolink	model:	ex1800t v9.1.0cu.2112 b20220316	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-17857 // JVNDB: JVNDB-2023-023775 // NVD: CVE-2023-51015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-51015
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-51015
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-17857
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-17857
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-51015
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-51015
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17857 // JVNDB: JVNDB-2023-023775 // NVD: CVE-2023-51015

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-94	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-023775 // NVD: CVE-2023-51015

EXTERNAL IDS

db:	NVD	id:	CVE-2023-51015	Trust: 3.2
db:	JVNDB	id:	JVNDB-2023-023775	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17857	Trust: 0.6

sources: CNVD: CNVD-2025-17857 // JVNDB: JVNDB-2023-023775 // NVD: CVE-2023-51015

REFERENCES

url:	https://815yang.github.io/2023/12/11/ex1800t/totolinkex1800t_v9.1.0cu.2112_b2022031setdmzcfg/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2023-51015	Trust: 0.8

sources: CNVD: CNVD-2025-17857 // JVNDB: JVNDB-2023-023775 // NVD: CVE-2023-51015

SOURCES

db:	CNVD	id:	CNVD-2025-17857
db:	JVNDB	id:	JVNDB-2023-023775
db:	NVD	id:	CVE-2023-51015

LAST UPDATE DATE

2025-08-10T23:34:14.252000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17857	date:	2025-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2023-023775	date:	2024-01-29T07:35:00
db:	NVD	id:	CVE-2023-51015	date:	2024-08-27T20:35:06.640

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17857	date:	2025-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2023-023775	date:	2024-01-29T00:00:00
db:	NVD	id:	CVE-2023-51015	date:	2023-12-22T19:15:09.450