Stack Overflow Vulnerability in TOTOLINK X2000R Router
CVE-2023-46564

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: X2000r Firmware
Vendor: CVE Published:; 25 October 2023

Summary

The TOTOLINK X2000R router, specifically version v1.0.0-B20230221.0948, has been identified as having a stack overflow vulnerability in the function formDMZ. This flaw could enable attackers to execute arbitrary code, potentially leading to unauthorized access and manipulation of the device. Users are strongly advised to apply the latest updates and monitor their network for any suspicious activity. For further information, visit the official release notes and additional documentation.

References

https://totolink.cn/home/menu/detail.html?menu_listtpl=do...

https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2023
Vulnerability Reserved
Oct 23, 2023