CRITICAL🇵🇱 Wersja polska

CVE-2023-51136

CVSS 9.8v3.1pub. 2023-12-30upd. 2024-11-21

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule.

🤖 AI Analysis
How it works

The vulnerability results from a stack overflow error (CWE-787) in the formRebootSchedule function handling device restart scheduling. An attacker can send a specially crafted network request containing excessively long input data, which causes overwriting of stack memory areas beyond the intended buffer. The lack of required authentication to trigger the vulnerability makes the exploit possible directly from the network without any privileges.

Impact

An attacker can cause arbitrary code execution (RCE) on the device, its failure, or complete administrative takeover, which includes violation of system confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the manufacturer according to references (manufacturer website: totolink.cn, firmware download section for model X2000R). Until the update is applied, it is recommended to restrict access to the device management panel exclusively to trusted networks and disable remote access to the administrative interface.

Who is affected

TOTOLINK X2000R Firmware version v1.0.0-B20230221.0948.web

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink X2000r

    HW
    Totolink
    wszystkie wersje
  • Totolink X2000r Firmware

    OS
    Totolink
    1.0.0-b20230221.0948.web
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-22529CRITICAL9.8PL ✓ten sam produkt

Command injection w TOTOLINK X2000R — podatność w obsłudze przesyłania plików

CVE-2023-51135CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK X2000R — podatność w funkcji formPasswordSetup

CVE-2023-51133CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK X2000R — funkcja formRoute umożliwia RCE

CVE-2023-46542CRITICAL9.8ten sam produkt

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formM...

CVE-2023-46544CRITICAL9.8ten sam produkt

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formW...