Login Sign Up

CVE-2023-52029

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on TOTOlink A3700R routers via the setDiagnosisCfg function. Attackers can gain full control of affected devices without authentication. All users running vulnerable firmware versions are affected.

💻 Affected Systems

Products:
  • TOTOlink A3700R
Versions: v9.1.2u.5822_B20200513
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific firmware version; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

A3700r Firmware by Totolink

View all CVEs affecting A3700r Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router allowing attackers to intercept all network traffic, install persistent malware, pivot to internal networks, and use device as botnet node.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, and lateral movement to connected devices.

🟢

If Mitigated

Limited impact if device is behind firewall with strict inbound rules and network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from WAN interfaces.
🏢 Internal Only: MEDIUM - Internal exploitation possible if attacker gains network access through other means.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public technical analysis available showing exploitation details; RCE requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check vendor website for firmware updates. 2. If update available, download from official source. 3. Upload via router admin interface. 4. Reboot router after installation.

🔧 Temporary Workarounds

Disable WAN administration

all

Prevent external access to router administration interface

Access router admin panel → Security/Administration → Disable 'Remote Management' or 'WAN Administration'

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

  • Replace router with different model/brand that receives security updates
  • Place router behind dedicated firewall with strict inbound rules blocking all unnecessary ports

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System/Status → Firmware Version

Check Version:

Login to router admin panel and navigate to firmware information page

Verify Fix Applied:

Verify firmware version has changed from vulnerable version after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to setDiagnosisCfg endpoint
  • Unexpected command execution in system logs
  • Failed authentication attempts followed by successful exploitation

Network Indicators:

  • Unusual outbound connections from router
  • DNS queries to suspicious domains
  • Traffic patterns indicating command and control communication

SIEM Query:

source="router_logs" AND (uri="/cgi-bin/setDiagnosisCfg" OR cmd="ping" OR cmd="wget" OR cmd="curl")

📊 Metadata

CVE ID: CVE-2023-52029
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-78
Published: January 11, 2024
Last Updated: June 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-52029, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)