CRITICAL🇵🇱 Wersja polska

CVE-2023-49418

CVSS 9.8v3.1pub. 2023-12-11upd. 2024-11-21

TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-787 (out-of-bounds write) consists of a stack buffer overflow during input data processing by the setIpPortFilterRules function. An attacker can provide a crafted network request containing excess data that overwrites stack memory areas beyond the intended buffer. This can lead to overwriting the function's return address and taking control of the program execution flow.

Impact

An unauthenticated attacker acting remotely over the network can cause arbitrary code execution (RCE) with the privileges of the process handling the request, and consequently to full device takeover, loss of confidentiality, integrity and availability.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until the update is applied, it is recommended to restrict access to the device management interface only to trusted IP addresses and isolate the device from the public Internet using a firewall.

Who is affected

TOTOLink A7000R with firmware version V9.1.0u.6115_B20201022

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink A7000r

    HW
    Totolink
    wszystkie wersje
  • Totolink A7000r Firmware

    OS
    Totolink
    9.1.0u.6115_b20201022
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-51452CRITICAL9.8PL ✓ten sam produkt

TOTOLINK A7000R – bypass uwierzytelnienia przez formLoginAuth.htm

CVE-2024-28639CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w TOTOLINK X5000R i A7000R — RCE przez pole IP

CVE-2023-49417CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLink A7000R — funkcja setOpModeCfg

CVE-2023-45984CRITICAL9.8ten sam produkt

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...

CVE-2023-36947CRITICAL9.8ten sam produkt

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...