Sign-up

ID

VAR-202401-1548


CVE

CVE-2023-52042


TITLE

TOTOLINK  of  x6000r  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-025280

DESCRIPTION

An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. TOTOLINK of x6000r There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router from China's TOTOLINK Electronics. TOTOLINK X6000R has a code execution vulnerability, which is caused by the application's failure to properly filter special characters and commands in constructing commands

Trust: 2.16

sources: NVD: CVE-2023-52042 // JVNDB: JVNDB-2023-025280 // CNVD: CNVD-2025-15333

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15333

AFFECTED PRODUCTS

vendor:totolinkmodel:x6000rscope:eqversion:9.4.0cu.852_b20230719

Trust: 1.0

vendor:totolinkmodel:x6000rscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:x6000rscope:eqversion:x6000r firmware 9.4.0cu.852 b20230719

Trust: 0.8

vendor:totolinkmodel:x6000rscope: - version: -

Trust: 0.8

vendor:totolinkmodel:x6000r 9.4.0cu.852 b20230719scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15333 // JVNDB: JVNDB-2023-025280 // NVD: CVE-2023-52042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-52042
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-52042
value: HIGH

Trust: 1.0

NVD: CVE-2023-52042
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-15333
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15333
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-52042
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-52042
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-52042
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15333 // JVNDB: JVNDB-2023-025280 // NVD: CVE-2023-52042 // NVD: CVE-2023-52042

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-025280 // NVD: CVE-2023-52042

EXTERNAL IDS

db:NVDid:CVE-2023-52042

Trust: 3.2

db:JVNDBid:JVNDB-2023-025280

Trust: 0.8

db:CNVDid:CNVD-2025-15333

Trust: 0.6

sources: CNVD: CNVD-2025-15333 // JVNDB: JVNDB-2023-025280 // NVD: CVE-2023-52042

REFERENCES

url:https://kee02p.github.io/2024/01/13/cve-2023-52042/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2023-52042

Trust: 0.8

sources: CNVD: CNVD-2025-15333 // JVNDB: JVNDB-2023-025280 // NVD: CVE-2023-52042

SOURCES

db:CNVDid:CNVD-2025-15333
db:JVNDBid:JVNDB-2023-025280
db:NVDid:CVE-2023-52042

LAST UPDATE DATE

2025-07-10T22:55:27.600000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-15333date:2025-07-09T00:00:00
db:JVNDBid:JVNDB-2023-025280date:2024-02-05T03:26:00
db:NVDid:CVE-2023-52042date:2024-08-30T19:35:04.953

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-15333date:2025-07-09T00:00:00
db:JVNDBid:JVNDB-2023-025280date:2024-02-05T00:00:00
db:NVDid:CVE-2023-52042date:2024-01-16T22:15:37.567