Sign-up

ID

VAR-202401-1755


CVE

CVE-2023-52041


TITLE

TOTOLINK  of  x6000r  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-025278

DESCRIPTION

An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. TOTOLINK of x6000r There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router from China's TOTOLINK Electronics. TOTOLINK X6000R has a code execution vulnerability, which is caused by the application's failure to properly filter special characters and commands in constructing commands

Trust: 2.16

sources: NVD: CVE-2023-52041 // JVNDB: JVNDB-2023-025278 // CNVD: CNVD-2025-15332

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15332

AFFECTED PRODUCTS

vendor:totolinkmodel:x6000rscope:eqversion:9.4.0cu.852_b20230719

Trust: 1.0

vendor:totolinkmodel:x6000rscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:x6000rscope:eqversion:x6000r firmware 9.4.0cu.852 b20230719

Trust: 0.8

vendor:totolinkmodel:x6000rscope: - version: -

Trust: 0.8

vendor:totolinkmodel:x6000r 9.4.0cu.852 b20230719scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15332 // JVNDB: JVNDB-2023-025278 // NVD: CVE-2023-52041

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-52041
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-52041
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-52041
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-15332
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15332
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-52041
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-52041
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15332 // JVNDB: JVNDB-2023-025278 // NVD: CVE-2023-52041 // NVD: CVE-2023-52041

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-025278 // NVD: CVE-2023-52041

EXTERNAL IDS

db:NVDid:CVE-2023-52041

Trust: 3.2

db:JVNDBid:JVNDB-2023-025278

Trust: 0.8

db:CNVDid:CNVD-2025-15332

Trust: 0.6

sources: CNVD: CNVD-2025-15332 // JVNDB: JVNDB-2023-025278 // NVD: CVE-2023-52041

REFERENCES

url:https://kee02p.github.io/2024/01/13/cve-2023-52041/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2023-52041

Trust: 0.8

sources: CNVD: CNVD-2025-15332 // JVNDB: JVNDB-2023-025278 // NVD: CVE-2023-52041

SOURCES

db:CNVDid:CNVD-2025-15332
db:JVNDBid:JVNDB-2023-025278
db:NVDid:CVE-2023-52041

LAST UPDATE DATE

2025-07-10T23:12:28.678000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-15332date:2025-07-09T00:00:00
db:JVNDBid:JVNDB-2023-025278date:2024-02-05T03:26:00
db:NVDid:CVE-2023-52041date:2025-06-17T14:15:28.197

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-15332date:2025-07-09T00:00:00
db:JVNDBid:JVNDB-2023-025278date:2024-02-05T00:00:00
db:NVDid:CVE-2023-52041date:2024-01-16T19:15:08.410