CVE-2023-36950

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*
cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*

History

12 Sep 2024, 13:35

Type Values Removed Values Added
CWE CWE-121

19 Oct 2023, 11:10

Type Values Removed Values Added
CPE cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*
cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*
cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*
References (MISC) https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/loginauth.md - (MISC) https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/loginauth.md - Exploit, Third Party Advisory
First Time Totolink
Totolink x5000r Firmware
Totolink a7000r
Totolink a7000r Firmware
Totolink x5000r
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-787

16 Oct 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-16 06:15

Updated : 2024-09-12 13:35


NVD link : CVE-2023-36950

Mitre link : CVE-2023-36950

CVE.ORG link : CVE-2023-36950


JSON object : View

Products Affected

totolink

  • a7000r
  • x5000r_firmware
  • a7000r_firmware
  • x5000r
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow