Login Sign Up

CVE-2023-29800

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X18 routers by injecting malicious commands into the FileName parameter during firmware upload. Attackers can gain full control of affected devices, potentially compromising network security. Users of TOTOLINK X18 routers with the vulnerable firmware are affected.

💻 Affected Systems

Products:
  • TOTOLINK X18
Versions: V9.1.0cu.2024_B20220329
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

X18 Firmware by Totolink

View all CVEs affecting X18 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to persistent backdoor installation, network traffic interception, lateral movement to other devices, and participation in botnets.

🟠

Likely Case

Remote code execution allowing attackers to modify device settings, steal credentials, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if device is behind strict firewall rules, not internet-facing, and has strong network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Command injection vulnerabilities are typically easy to exploit with publicly available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check TOTOLINK website for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload new firmware file. 6. Wait for reboot.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router administration interface

Restrict firmware upload access

all

Limit which IP addresses can access firmware upload functionality

🧯 If You Can't Patch

  • Isolate affected routers in separate network segments with strict firewall rules
  • Implement network monitoring for unusual outbound connections from routers

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Upgrade section

Check Version:

Login to router admin interface and navigate to System Status page

Verify Fix Applied:

Verify firmware version has been updated to a version newer than V9.1.0cu.2024_B20220329

📡 Detection & Monitoring

Log Indicators:

  • Unusual firmware upload attempts
  • Commands containing special characters in filename parameters
  • Unexpected system processes

Network Indicators:

  • Unusual outbound connections from router
  • Traffic to known malicious IPs
  • Unexpected port scans originating from router

SIEM Query:

source="router_logs" AND (event="firmware_upload" OR filename="*;*" OR filename="*|*" OR filename="*`*")

📊 Metadata

CVE ID: CVE-2023-29800
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-77
Published: April 14, 2023
Last Updated: February 6, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-29800, you might also want to check these:

CVE-2024-48841 10.0

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code wit...

Same vulnerability type (CWE-77)
CVE-2025-59818 10.0

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulati...

Same vulnerability type (CWE-77)
CVE-2024-28354 10.0

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote...

Same vulnerability type (CWE-77)