Totolink X2000R_V2 boa formTmultiAP buffer overflow
CVE-2023-7208
8 HIGH
Summary
A significant buffer overflow vulnerability exists in the Totolink X2000R_V2 2.0.0-B20230727.10434, in the formTmultiAP function of the /bin/boa file. This vulnerability can be exploited to manipulate memory allocation, potentially leading to execution of arbitrary code. The vendor was notified early about this issue, but no response or mitigation effort has been reported, leaving users at risk. Awareness and prompt action are essential for those using affected devices to safeguard their networks.
Affected Version(s)
X2000R_V2 2.0.0-B20230727.10434
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Credit
unpWn4bl3 (VulDB User)