Vulnerability Details CVE-2023-31856
A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-31856
-
cpe:2.3:h:totolink:cp300+:-
-
cpe:2.3:o:totolink:cp300+_firmware:5.2cu.7594_b20200910