CVE-2023-7222Classic Buffer Overflow in X2000r

CWE-120Classic Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
CNA7.2
EPSS
0.2%
top 58.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink X2000rTotolink X2000r Firmware
Timeline
PublishedJan 9

Description

A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5totolink/x2000r1.0.0-B20221212.1452
NVDtotolink/x2000r_firmware1.0.0-b20221212.1452

🔴Vulnerability Details

2
GHSA
GHSA-jjvf-rww2-493v: A vulnerability was found in Totolink X2000R 12024-01-09
CVEList
Totolink X2000R HTTP POST Request boa formTmultiAP buffer overflow2024-01-09
CVE-2023-7222 — Classic Buffer Overflow in X2000r | cvebase