Buffer Overflow Vulnerability in TOTOLink X5000R and A7000R Products
CVE-2024-28639

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: X5000r Firmware
Vendor: CVE Published:; 16 March 2024

Summary

The buffer overflow vulnerability present in certain versions of TOTOLink X5000R and A7000R products facilitates an exploit that may enable remote attackers to execute arbitrary code, potentially leading to a denial of service (DoS). This vulnerability is specifically notable in the handling of the IP field, making it critical for users to secure their devices against potential exploits.

References

https://github.com/ZIKH26/CVE-information/blob/master/TOT...

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2024
Vulnerability Reserved
Mar 8, 2024

Collectors

NVD DatabaseMitre Database