TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule.
The vulnerability results from a stack overflow error (CWE-787) in the formRebootSchedule function handling device restart scheduling. An attacker can send a specially crafted network request containing excessively long input data, which causes overwriting of stack memory areas beyond the intended buffer. The lack of required authentication to trigger the vulnerability makes the exploit possible directly from the network without any privileges.
An attacker can cause arbitrary code execution (RCE) on the device, its failure, or complete administrative takeover, which includes violation of system confidentiality, integrity, and availability.
Apply patches available from the manufacturer according to references (manufacturer website: totolink.cn, firmware download section for model X2000R). Until the update is applied, it is recommended to restrict access to the device management panel exclusively to trusted networks and disable remote access to the administrative interface.
TOTOLINK X2000R Firmware version v1.0.0-B20230221.0948.web
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTotolink X2000r
HWTotolinkwszystkie wersjeTotolink X2000r Firmware
OSTotolink1.0.0-b20230221.0948.web
Related vulnerabilities
Command injection w TOTOLINK X2000R — podatność w obsłudze przesyłania plików
Stack overflow w TOTOLINK X2000R — podatność w funkcji formPasswordSetup
Stack overflow w TOTOLINK X2000R — funkcja formRoute umożliwia RCE
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formM...
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formW...