CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-7222

A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.5%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 8.3

References

https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/formTmultiAP/README.md
https://vuldb.com/?ctiid.249856
https://vuldb.com/?id.249856
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/formTmultiAP/README.md
https://vuldb.com/?ctiid.249856
https://vuldb.com/?id.249856

Products affected by CVE-2023-7222

Totolink » X2000r » Version: N/A

cpe:2.3:h:totolink:x2000r:-
Totolink » X2000r Firmware » Version: 1.0.0-b20221212.1452

cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20221212.1452

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-7222

Products

Pricing

Contact Us