TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup.
The vulnerability classified as CWE-787 (out-of-bounds write) is due to the formPasswordSetup function not properly validating the length of input data, which leads to a stack buffer overflow. An attacker can send a specially crafted network request, causing overwriting of critical memory areas. Due to the network vector (AV:N), lack of privilege requirements (PR:N), and no need for user interaction (UI:N), the exploit can be executed entirely remotely.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE) on the device, and consequently take full control of the router, compromising the confidentiality, integrity, and availability of the device and network.
Apply patches available from the manufacturer according to the references. It is also recommended to restrict access to the device's administrative panel exclusively to trusted IP addresses and to disable remote management if it is not required.
TOTOLINK X2000R Gh firmware version v1.0.0-B20230221.0948.web
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTotolink X2000r
HWTotolinkwszystkie wersjeTotolink X2000r Firmware
OSTotolink1.0.0-b20230221.0948.web
Related vulnerabilities
Command injection w TOTOLINK X2000R — podatność w obsłudze przesyłania plików
Stack overflow w TOTOLINK X2000R przez funkcję formRebootSchedule
Stack overflow w TOTOLINK X2000R — funkcja formRoute umożliwia RCE
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formM...
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formW...