CRITICAL🇵🇱 Wersja polska

CVE-2023-51133

CVSS 9.8v3.1pub. 2023-12-30upd. 2024-11-21

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute.

🤖 AI Analysis
How it works

The vulnerability is a stack buffer overflow (stack overflow, CWE-787) in the formRoute function that handles network requests. An attacker can send a crafted request containing excessive data that exceeds the reserved buffer size on the stack. Overwriting the stack allows an attacker to take control of the program execution flow and potentially execute arbitrary code.

Impact

An attacker without any authentication can remotely execute arbitrary code on the device (RCE), which in practice means complete takeover of the router, including control over network traffic passing through the device.

Mitigation & patch

Apply patches available from the manufacturer according to the references (TOTOLINK download page: https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36). Until an update is applied, it is recommended to restrict access to the device management interface only to trusted IP addresses and disable exposure of the admin panel to the public network.

Who is affected

TOTOLINK X2000R Firmware version v1.0.0-B20230221.0948.web

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink X2000r

    HW
    Totolink
    wszystkie wersje
  • Totolink X2000r Firmware

    OS
    Totolink
    1.0.0-b20230221.0948.web
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-22529CRITICAL9.8PL ✓ten sam produkt

Command injection w TOTOLINK X2000R — podatność w obsłudze przesyłania plików

CVE-2023-51136CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK X2000R przez funkcję formRebootSchedule

CVE-2023-51135CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK X2000R — podatność w funkcji formPasswordSetup

CVE-2023-46542CRITICAL9.8ten sam produkt

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formM...

CVE-2023-46544CRITICAL9.8ten sam produkt

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formW...