CRITICAL🇵🇱 Wersja polska

CVE-2023-51135

CVSS 9.8v3.1pub. 2023-12-30upd. 2024-11-21

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-787 (out-of-bounds write) is due to the formPasswordSetup function not properly validating the length of input data, which leads to a stack buffer overflow. An attacker can send a specially crafted network request, causing overwriting of critical memory areas. Due to the network vector (AV:N), lack of privilege requirements (PR:N), and no need for user interaction (UI:N), the exploit can be executed entirely remotely.

Impact

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE) on the device, and consequently take full control of the router, compromising the confidentiality, integrity, and availability of the device and network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. It is also recommended to restrict access to the device's administrative panel exclusively to trusted IP addresses and to disable remote management if it is not required.

Who is affected

TOTOLINK X2000R Gh firmware version v1.0.0-B20230221.0948.web

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink X2000r

    HW
    Totolink
    wszystkie wersje
  • Totolink X2000r Firmware

    OS
    Totolink
    1.0.0-b20230221.0948.web
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-22529CRITICAL9.8PL ✓ten sam produkt

Command injection w TOTOLINK X2000R — podatność w obsłudze przesyłania plików

CVE-2023-51136CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK X2000R przez funkcję formRebootSchedule

CVE-2023-51133CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK X2000R — funkcja formRoute umożliwia RCE

CVE-2023-46542CRITICAL9.8ten sam produkt

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formM...

CVE-2023-46544CRITICAL9.8ten sam produkt

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formW...