CRITICAL🇵🇱 Wersja polska

CVE-2023-49417

CVSS 9.8v3.1pub. 2023-12-11upd. 2025-05-27

TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.

🤖 AI Analysis
How it works

The vulnerability occurs in the setOpModeCfg function of the TOTOLink A7000R device firmware version V9.1.0u.6115_B20201022. An attacker can supply specially crafted input data to this function, causing a stack buffer overflow. The overflow can overwrite critical control data on the stack, such as the function return address, enabling the attacker to take control of program execution flow.

Impact

An unauthenticated remote attacker can achieve full control over the device, including arbitrary code execution (RCE) with the privileges of the process handling the request. The consequence may be complete loss of confidentiality, integrity, and availability of the device.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Until an update is applied, it is recommended to restrict access to the device management interface only to trusted hosts and isolate the device from untrusted networks.

Who is affected

TOTOLink A7000R with firmware version V9.1.0u.6115_B20201022

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink A7000r

    HW
    Totolink
    wszystkie wersje
  • Totolink A7000r Firmware

    OS
    Totolink
    9.1.0u.6115_b20201022
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-51452CRITICAL9.8PL ✓ten sam produkt

TOTOLINK A7000R – bypass uwierzytelnienia przez formLoginAuth.htm

CVE-2024-28639CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w TOTOLINK X5000R i A7000R — RCE przez pole IP

CVE-2023-49418CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLink A7000R via setIpPortFilterRules — RCE bez uwierzytelnienia

CVE-2023-45984CRITICAL9.8ten sam produkt

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...

CVE-2023-36947CRITICAL9.8ten sam produkt

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...