Post-Authentication Remote Code Execution Vulnerability in TOTOLINK N300RT Version 3.2.4-B20180730.0906

CVE-2023-48860 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code.

Learn more about our Web Application Penetration Testing UK.