CVE-2023-7208

Published: Jan 7, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Totolink: X2000r Firmware

1 product

X2000r Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink X2000r Firmware	Version 2.0.0-b20230727.10434

Running on/with	Platform Versions
Totolink X2000r	Version v2

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://github.com/unpWn4bL3/iot-security/blob/main/13.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.249742

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.249742

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/unpWn4bL3/iot-security/blob/main/13.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?ctiid.249742

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.249742

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.