Search

Find a vulnerability

Search criteria

    54 vulnerabilities found for X2000R by TOTOLINK

    VAR-202404-2868

    Vulnerability from variot - Updated: 2025-12-19 22:56

    TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. TOTOLINK of x2000r Firmware has a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X2000R is a WiFi 6 wireless router launched by TOTOLINK, a Chinese electronics company. It supports gigabit networks and EasyMesh functionality, and features multi-device connectivity and wireless extension capabilities. Attackers can exploit this vulnerability to inject a carefully crafted payload to execute arbitrary web scripts or HTML

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2868",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20231213.1013"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "x2000r  firmware  1.0.0-b20231213.1013"
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r \u003cv1.0.0-b20231213.1013",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021693"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28402"
          }
        ]
      },
      "cve": "CVE-2024-28402",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2025-29719",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2024-28402",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "Low",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-021693",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-28402",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-021693",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-29719",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021693"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28402"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. TOTOLINK of x2000r Firmware has a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X2000R is a WiFi 6 wireless router launched by TOTOLINK, a Chinese electronics company. It supports gigabit networks and EasyMesh functionality, and features multi-device connectivity and wireless extension capabilities. Attackers can exploit this vulnerability to inject a carefully crafted payload to execute arbitrary web scripts or HTML",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-28402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021693"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-29719"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-28402",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021693",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-29719",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021693"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28402"
          }
        ]
      },
      "id": "VAR-202404-2868",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29719"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29719"
          }
        ]
      },
      "last_update_date": "2025-12-19T22:56:03.346000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021693"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28402"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/x2000r/xss_4_ip_port_filtering/xss.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28402"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021693"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28402"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021693"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28402"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-29719"
          },
          {
            "date": "2025-04-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-021693"
          },
          {
            "date": "2024-04-11T01:25:09.977000",
            "db": "NVD",
            "id": "CVE-2024-28402"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-29719"
          },
          {
            "date": "2025-04-09T06:24:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-021693"
          },
          {
            "date": "2025-04-08T15:13:20.180000",
            "db": "NVD",
            "id": "CVE-2024-28402"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0x2000r\u00a0 Cross-site scripting vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021693"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-1252

    Vulnerability from variot - Updated: 2025-12-19 22:51

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. The TOTOLINK X2000R Gh is a Wi-Fi 6 router launched by TOTOLINK, a Chinese electronics company. This vulnerability stems from the formIpv6Setup method failing to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1252",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46541"
          }
        ]
      },
      "cve": "CVE-2023-46541",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-30282",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46541",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-46541",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46541",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46541",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-30282",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46541"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46541"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. The TOTOLINK X2000R Gh is a Wi-Fi 6 router launched by TOTOLINK, a Chinese electronics company. This vulnerability stems from the formIpv6Setup method failing to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46541"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46541"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46541",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46541",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46541"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46541"
          }
        ]
      },
      "id": "VAR-202310-1252",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          }
        ]
      },
      "last_update_date": "2025-12-19T22:51:48.011000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formIpv6Setup method stack buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/778516"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46541"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/10/1.md"
          },
          {
            "trust": 1.1,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46541"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46541"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46541"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46541"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46541"
          },
          {
            "date": "2023-10-25T18:17:38.683000",
            "db": "NVD",
            "id": "CVE-2023-46541"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46541"
          },
          {
            "date": "2024-09-11T16:35:26.850000",
            "db": "NVD",
            "id": "CVE-2023-46541"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formIpv6Setup method stack buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30282"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-2645

    Vulnerability from variot - Updated: 2025-12-19 22:44

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. The TOTOLINK X2000R Gh is a Wi-Fi 6 router launched by TOTOLINK, a Chinese electronics company. This vulnerability stems from the formIpQoS method failing to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-2645",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46563"
          }
        ]
      },
      "cve": "CVE-2023-46563",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-30276",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46563",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2023-46563",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46563",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46563",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-30276",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46563"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46563"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. The TOTOLINK X2000R Gh is a Wi-Fi 6 router launched by TOTOLINK, a Chinese electronics company. This vulnerability stems from the formIpQoS method failing to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46563"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46563",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46563"
          }
        ]
      },
      "id": "VAR-202310-2645",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          }
        ]
      },
      "last_update_date": "2025-12-19T22:44:45.429000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formIpQoS method stack buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/778511"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46563"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/7/1.md"
          },
          {
            "trust": 1.0,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46563"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46563"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          },
          {
            "date": "2023-10-25T18:17:39.683000",
            "db": "NVD",
            "id": "CVE-2023-46563"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          },
          {
            "date": "2024-09-11T16:35:38.173000",
            "db": "NVD",
            "id": "CVE-2023-46563"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formIpQoS method stack buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-30276"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202405-4091

    Vulnerability from variot - Updated: 2025-12-19 22:28

    Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. TOTOLINK of x2000r The firmware contains a vulnerability related to improper parameter handling.Information may be obtained and information may be tampered with. The TOTOLINK X2000R is a WiFi 6 wireless router launched by TOTOLINK, a Chinese electronics company. It supports gigabit networks and EasyMesh functionality, and features multi-device connectivity and wireless extension capabilities.

    The TOTOLINK X2000R contains a cross-site scripting (XSS) vulnerability. This vulnerability stems from the application's lack of effective filtering and escaping of user-provided data. Attackers can exploit this vulnerability to inject a carefully crafted payload to execute arbitrary web scripts or HTML

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202405-4091",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20231213.1013"
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "x2000r  firmware  1.0.0-b20231213.1013"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r \u003cv1.0.0-b20231213.1013",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021765"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33433"
          }
        ]
      },
      "cve": "CVE-2024-33433",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2025-29718",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2024-33433",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-021765",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-33433",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-021765",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-29718",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021765"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33433"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. TOTOLINK of x2000r The firmware contains a vulnerability related to improper parameter handling.Information may be obtained and information may be tampered with. The TOTOLINK X2000R is a WiFi 6 wireless router launched by TOTOLINK, a Chinese electronics company. It supports gigabit networks and EasyMesh functionality, and features multi-device connectivity and wireless extension capabilities. \n\nThe TOTOLINK X2000R contains a cross-site scripting (XSS) vulnerability. This vulnerability stems from the application\u0027s lack of effective filtering and escaping of user-provided data. Attackers can exploit this vulnerability to inject a carefully crafted payload to execute arbitrary web scripts or HTML",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-33433"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021765"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-29718"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-33433",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021765",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-29718",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021765"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33433"
          }
        ]
      },
      "id": "VAR-202405-4091",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29718"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29718"
          }
        ]
      },
      "last_update_date": "2025-12-19T22:28:20.575000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-233",
            "trust": 1.0
          },
          {
            "problemtype": "Improper handling of parameters (CWE-233) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021765"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33433"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/x2000r/xss_2_guest_access_control/readme.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-33433"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021765"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33433"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-29718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021765"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33433"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-29718"
          },
          {
            "date": "2025-04-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-021765"
          },
          {
            "date": "2024-05-14T15:37:38.317000",
            "db": "NVD",
            "id": "CVE-2024-33433"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-29718"
          },
          {
            "date": "2025-04-10T02:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-021765"
          },
          {
            "date": "2025-04-09T14:20:01.070000",
            "db": "NVD",
            "id": "CVE-2024-33433"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0x2000r\u00a0 Vulnerability regarding improper parameter handling in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021765"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-1213

    Vulnerability from variot - Updated: 2025-10-16 23:52

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMeshUploadConfig method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1213",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46542"
          }
        ]
      },
      "cve": "CVE-2023-46542",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23741",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46542",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-46542",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46542",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46542",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23741",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46542"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46542"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. The TOTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMeshUploadConfig method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46542"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46542"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46542",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46542",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46542"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46542"
          }
        ]
      },
      "id": "VAR-202310-1213",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:52:33.144000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formMeshUploadConfig method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740941"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46542"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/13/1.md"
          },
          {
            "trust": 1.1,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46542"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46542"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46542"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46542"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46542"
          },
          {
            "date": "2023-10-25T18:17:38.727000",
            "db": "NVD",
            "id": "CVE-2023-46542"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46542"
          },
          {
            "date": "2024-09-11T16:35:27.667000",
            "db": "NVD",
            "id": "CVE-2023-46542"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formMeshUploadConfig method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23741"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-1381

    Vulnerability from variot - Updated: 2025-10-16 23:52

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMultiAP method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1381",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46552"
          }
        ]
      },
      "cve": "CVE-2023-46552",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23743",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46552",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2023-46552",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46552",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46552",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23743",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46552"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46552"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP. The TOTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMultiAP method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46552"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46552"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46552",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46552",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46552"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46552"
          }
        ]
      },
      "id": "VAR-202310-1381",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:52:33.113000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formMultiAP method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740951"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46552"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/19/1.md"
          },
          {
            "trust": 1.1,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46552"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46552"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46552"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46552"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46552"
          },
          {
            "date": "2023-10-25T18:17:39.227000",
            "db": "NVD",
            "id": "CVE-2023-46552"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46552"
          },
          {
            "date": "2024-09-11T16:35:30.173000",
            "db": "NVD",
            "id": "CVE-2023-46552"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formMultiAP method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23743"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-1947

    Vulnerability from variot - Updated: 2025-10-16 23:52

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMultiAPVLAN method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1947",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46557"
          }
        ]
      },
      "cve": "CVE-2023-46557",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23742",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46557",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-46557",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46557",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46557",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23742",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46557"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46557"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. The TOTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMultiAPVLAN method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46557"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46557",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46557"
          }
        ]
      },
      "id": "VAR-202310-1947",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:52:33.075000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formMultiAPVLAN method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740946"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46557"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/22/1.md"
          },
          {
            "trust": 1.0,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46557"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46557"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          },
          {
            "date": "2023-10-25T18:17:39.450000",
            "db": "NVD",
            "id": "CVE-2023-46557"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          },
          {
            "date": "2024-09-11T16:35:34.220000",
            "db": "NVD",
            "id": "CVE-2023-46557"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formMultiAPVLAN method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23742"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-1212

    Vulnerability from variot - Updated: 2025-10-16 23:45

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formSetLg method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1212",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46549"
          }
        ]
      },
      "cve": "CVE-2023-46549",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23729",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46549",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46549",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23729",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46549"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg. The TOTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formSetLg method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46549"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46549"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46549",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46549",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46549"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46549"
          }
        ]
      },
      "id": "VAR-202310-1212",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:45:33.710000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formSetLg method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740976"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46549"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/18/1.md"
          },
          {
            "trust": 1.1,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46549"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46549"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46549"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46549"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46549"
          },
          {
            "date": "2023-10-25T18:17:39.080000",
            "db": "NVD",
            "id": "CVE-2023-46549"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46549"
          },
          {
            "date": "2023-11-01T18:02:10.380000",
            "db": "NVD",
            "id": "CVE-2023-46549"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formSetLg method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23729"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-1070

    Vulnerability from variot - Updated: 2025-10-16 23:42

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formStats method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1070",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46546"
          }
        ]
      },
      "cve": "CVE-2023-46546",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23730",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46546",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46546",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23730",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46546"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats. The TOTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formStats method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46546"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46546"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46546",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46546",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46546"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46546"
          }
        ]
      },
      "id": "VAR-202310-1070",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:42:10.589000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formStats method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740981"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46546"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/15/1.md"
          },
          {
            "trust": 1.1,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46546"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46546"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46546"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46546"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46546"
          },
          {
            "date": "2023-10-25T18:17:38.917000",
            "db": "NVD",
            "id": "CVE-2023-46546"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46546"
          },
          {
            "date": "2023-11-01T18:01:11.127000",
            "db": "NVD",
            "id": "CVE-2023-46546"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formStats method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23730"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-1467

    Vulnerability from variot - Updated: 2025-10-16 23:42

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formNtp method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1467",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46540"
          }
        ]
      },
      "cve": "CVE-2023-46540",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23744",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46540",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-46540",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46540",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46540",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23744",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46540"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46540"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. The TOTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formNtp method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46540"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46540"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46540",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46540",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46540"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46540"
          }
        ]
      },
      "id": "VAR-202310-1467",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:42:10.555000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formNtp method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740956"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46540"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/11/1.md"
          },
          {
            "trust": 1.1,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46540"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46540"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46540"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46540"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46540"
          },
          {
            "date": "2023-10-25T18:17:38.637000",
            "db": "NVD",
            "id": "CVE-2023-46540"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46540"
          },
          {
            "date": "2024-09-11T16:35:26.063000",
            "db": "NVD",
            "id": "CVE-2023-46540"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formNtp method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23744"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-1250

    Vulnerability from variot - Updated: 2025-10-16 23:41

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formReflashClientTbl method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1250",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46551"
          }
        ]
      },
      "cve": "CVE-2023-46551",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23728",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46551",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46551",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23728",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46551"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl. The TOTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formReflashClientTbl method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46551"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46551"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46551",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46551",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46551"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46551"
          }
        ]
      },
      "id": "VAR-202310-1250",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:41:42.328000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R GH formReflashClientTbl method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740971"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46551"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/2/1.md"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-46551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46551"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46551"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46551"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46551"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46551"
          },
          {
            "date": "2023-10-25T18:17:39.177000",
            "db": "NVD",
            "id": "CVE-2023-46551"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46551"
          },
          {
            "date": "2023-11-01T18:01:28.653000",
            "db": "NVD",
            "id": "CVE-2023-46551"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R GH formReflashClientTbl method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23728"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-2041

    Vulnerability from variot - Updated: 2025-10-16 23:38

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formPortFw method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-2041",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46555"
          }
        ]
      },
      "cve": "CVE-2023-46555",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23727",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46555",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-46555",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46555",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46555",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23727",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46555"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46555"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. The TOTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formPortFw method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46555"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46555",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46555"
          }
        ]
      },
      "id": "VAR-202310-2041",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:38:27.322000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formPortFw method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740966"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46555"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/3/1.md"
          },
          {
            "trust": 1.0,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46555"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46555"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          },
          {
            "date": "2023-10-25T18:17:39.363000",
            "db": "NVD",
            "id": "CVE-2023-46555"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          },
          {
            "date": "2024-09-11T16:35:32.637000",
            "db": "NVD",
            "id": "CVE-2023-46555"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formPortFw method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23727"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-1211

    Vulnerability from variot - Updated: 2025-10-16 23:34

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl. The OTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formParentControl method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1211",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46553"
          }
        ]
      },
      "cve": "CVE-2023-46553",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23745",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46553",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2023-46553",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46553",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46553",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23745",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46553"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46553"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl. The OTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formParentControl method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46553"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46553"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46553",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46553",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46553"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46553"
          }
        ]
      },
      "id": "VAR-202310-1211",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:34:13.967000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R GH formParentControl method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740961"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46553"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/5/1.md"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-46553"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46553"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46553"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46553"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46553"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46553"
          },
          {
            "date": "2023-10-25T18:17:39.273000",
            "db": "NVD",
            "id": "CVE-2023-46553"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46553"
          },
          {
            "date": "2024-09-11T16:35:30.983000",
            "db": "NVD",
            "id": "CVE-2023-46553"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R GH formParentControl method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23745"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-1729

    Vulnerability from variot - Updated: 2025-10-15 23:52

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formTcpipSetup method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1729",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46560"
          }
        ]
      },
      "cve": "CVE-2023-46560",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23608",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46560",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2023-46560",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46560",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46560",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23608",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46560"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46560"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. The TOTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formTcpipSetup method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46560"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46560",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46560"
          }
        ]
      },
      "id": "VAR-202310-1729",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          }
        ]
      },
      "last_update_date": "2025-10-15T23:52:33.681000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formTcpipSetup method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740991"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46560"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/23/1.md"
          },
          {
            "trust": 1.0,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46560"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46560"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          },
          {
            "date": "2023-10-25T18:17:39.593000",
            "db": "NVD",
            "id": "CVE-2023-46560"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          },
          {
            "date": "2024-09-11T16:35:36.590000",
            "db": "NVD",
            "id": "CVE-2023-46560"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formTcpipSetup method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23608"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-1434

    Vulnerability from variot - Updated: 2025-10-15 23:41

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion.

    The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formSysLog method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1434",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46547"
          }
        ]
      },
      "cve": "CVE-2023-46547",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23607",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46547",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46547",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23607",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46547"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog. The TOTOLINK X2000R Gh is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion. \n\nThe TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formSysLog method\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46547"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46547"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46547",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46547",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46547"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46547"
          }
        ]
      },
      "id": "VAR-202310-1434",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          }
        ]
      },
      "last_update_date": "2025-10-15T23:41:00.257000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R GH formSysLog method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/740986"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46547"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/12/1.md"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-46547"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46547"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46547"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-46547"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46547"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46547"
          },
          {
            "date": "2023-10-25T18:17:38.960000",
            "db": "NVD",
            "id": "CVE-2023-46547"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          },
          {
            "date": "2023-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-46547"
          },
          {
            "date": "2023-11-01T18:00:59.353000",
            "db": "NVD",
            "id": "CVE-2023-46547"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R GH formSysLog method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23607"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202507-2611

    Vulnerability from variot - Updated: 2025-10-15 23:34

    A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely. TOTOLINK of n600r firmware and x2000r The firmware contains vulnerabilities related to improper permission settings and violations of least privilege.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202507-2611",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0"
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "cve": "CVE-2025-8181",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CVE-2025-8181",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Multiple",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 8.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-015843",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2025-8181",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-015843",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-8181",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-015843",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely. TOTOLINK of n600r firmware and x2000r The firmware contains vulnerabilities related to improper permission settings and violations of least privilege.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-8181",
            "trust": 2.6
          },
          {
            "db": "VULDB",
            "id": "317595",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "id": "VAR-202507-2611",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5518367
      },
      "last_update_date": "2025-10-15T23:34:20.439000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-272",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-266",
            "trust": 1.0
          },
          {
            "problemtype": "Improper permission settings (CWE-266) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Violation of least privilege (CWE-272) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.317595"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.621966"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.621968"
          },
          {
            "trust": 1.8,
            "url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.317595"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-8181"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "date": "2025-07-26T07:15:26.830000",
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T03:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "date": "2025-10-09T19:40:44.513000",
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 firmware and \u00a0x2000r\u00a0 Vulnerability regarding improper permission settings in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202508-2427

    Vulnerability from variot - Updated: 2025-10-15 23:29

    A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited. TOTOLINK of x2000r There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X2000R is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion. Detailed vulnerability details are currently unavailable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-2427",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "2.0.0-b20230727.1043.web"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "x2000r  firmware  2.0.0-b20230727.1043.web"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "totolink",
            "version": "\u003c=2.0.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013592"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9577"
          }
        ]
      },
      "cve": "CVE-2025-9577",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "NONE",
                "baseScore": 1.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 1.5,
                "id": "CVE-2025-9577",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Local",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 1.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-013592",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 1.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 1.5,
                "id": "CNVD-2025-23591",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "cna@vuldb.com",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.0,
                "id": "CVE-2025-9577",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.0,
                "id": "CVE-2025-9577",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-013592",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-9577",
                "trust": 1.0,
                "value": "Low"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-9577",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-013592",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23591",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013592"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9577"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9577"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited. TOTOLINK of x2000r There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X2000R is a WiFi 6 router released by China\u0027s TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion. Detailed vulnerability details are currently unavailable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-9577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013592"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23591"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-9577",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "321691",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013592",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23591",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013592"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9577"
          }
        ]
      },
      "id": "VAR-202508-2427",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23591"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23591"
          }
        ]
      },
      "last_update_date": "2025-10-15T23:29:00.244000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-1392",
            "trust": 1.0
          },
          {
            "problemtype": "Using default credentials (CWE-1392) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013592"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9577"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/xxricardo/iot-cve/blob/main/tololink/x2000r-gh-v2.0.0.md"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/xxricardo/iot-cve/blob/main/tololink/x2000r-gh-v2.0.0.md#steps-to-reproduce"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.321691"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.636069"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.321691"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-9577"
          },
          {
            "trust": 0.6,
            "url": "https://github.com/xxricardo/iot-cve/blob/main/tololink/x2000r-gh-v2.0.0.md#steps"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013592"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9577"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013592"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9577"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23591"
          },
          {
            "date": "2025-09-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-013592"
          },
          {
            "date": "2025-08-28T19:15:34.880000",
            "db": "NVD",
            "id": "CVE-2025-9577"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23591"
          },
          {
            "date": "2025-09-10T07:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-013592"
          },
          {
            "date": "2025-09-09T19:13:43.063000",
            "db": "NVD",
            "id": "CVE-2025-9577"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0x2000r\u00a0 Firmware vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013592"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-2550

    Vulnerability from variot - Updated: 2025-07-13 23:48

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. TOTOLINK X2000R Gh is a wireless router from China's TOTOLINK Electronics.

    TOTOLINK X2000R Gh has a buffer overflow vulnerability, which is caused by the formDMZ method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-2550",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46564"
          }
        ]
      },
      "cve": "CVE-2023-46564",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-15602",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46564",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2023-46564",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46564",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46564",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15602",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46564"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46564"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. TOTOLINK X2000R Gh is a wireless router from China\u0027s TOTOLINK Electronics. \n\nTOTOLINK X2000R Gh has a buffer overflow vulnerability, which is caused by the formDMZ method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46564"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46564",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46564"
          }
        ]
      },
      "id": "VAR-202310-2550",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          }
        ]
      },
      "last_update_date": "2025-07-13T23:48:29.896000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formDMZ method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/707586"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46564"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/6/1.md"
          },
          {
            "trust": 1.0,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46564"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46564"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          },
          {
            "date": "2023-10-25T18:17:39.723000",
            "db": "NVD",
            "id": "CVE-2023-46564"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          },
          {
            "date": "2024-09-11T15:35:08.437000",
            "db": "NVD",
            "id": "CVE-2023-46564"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formDMZ method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15602"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-2141

    Vulnerability from variot - Updated: 2025-07-13 23:45

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. TOTOLINK X2000R Gh is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the formFilter method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-2141",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46556"
          }
        ]
      },
      "cve": "CVE-2023-46556",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-15604",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46556",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-46556",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46556",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46556",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15604",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46556"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46556"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. TOTOLINK X2000R Gh is a wireless router from China\u0027s TOTOLINK Electronics. The vulnerability is caused by the formFilter method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46556"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46556",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46556"
          }
        ]
      },
      "id": "VAR-202310-2141",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          }
        ]
      },
      "last_update_date": "2025-07-13T23:45:17.373000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formFilter method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/707596"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46556"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/4/1.md"
          },
          {
            "trust": 1.0,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-46556"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46556"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46556"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          },
          {
            "date": "2023-10-25T18:17:39.410000",
            "db": "NVD",
            "id": "CVE-2023-46556"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          },
          {
            "date": "2024-09-11T16:35:33.430000",
            "db": "NVD",
            "id": "CVE-2023-46556"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formFilter method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15604"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-1834

    Vulnerability from variot - Updated: 2025-07-13 23:42

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. TOTOLINK X2000R Gh is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the formDosCfg method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1834",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948"
          },
          {
            "model": "x2000r gh 1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46562"
          }
        ]
      },
      "cve": "CVE-2023-46562",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-15603",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-46562",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2023-46562",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-46562",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-46562",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15603",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46562"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46562"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. TOTOLINK X2000R Gh is a wireless router from China\u0027s TOTOLINK Electronics. The vulnerability is caused by the formDosCfg method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46562"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-46562",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46562"
          }
        ]
      },
      "id": "VAR-202310-1834",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          }
        ]
      },
      "last_update_date": "2025-07-13T23:42:29.408000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK X2000R Gh formDosCfg method buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/707591"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-46562"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/8/1.md"
          },
          {
            "trust": 1.0,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-46562"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46562"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-46562"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          },
          {
            "date": "2023-10-25T18:17:39.637000",
            "db": "NVD",
            "id": "CVE-2023-46562"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          },
          {
            "date": "2024-09-11T16:35:37.377000",
            "db": "NVD",
            "id": "CVE-2023-46562"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh formDosCfg method buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15603"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202312-2564

    Vulnerability from variot - Updated: 2025-07-12 23:01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. TOTOLINK of x2000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a wireless router produced by China's TOTOLINK Electronics.

    TOTOLINK X2000R has a buffer overflow vulnerability. The vulnerability is caused by the function formPasswordSetup failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202312-2564",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948.web"
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "x2000r  firmware  1.0.0-b20230221.0948.web"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r gh v1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024372"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51135"
          }
        ]
      },
      "cve": "CVE-2023-51135",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-15339",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-51135",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-51135",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-51135",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-51135",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15339",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024372"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51135"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. TOTOLINK of x2000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a wireless router produced by China\u0027s TOTOLINK Electronics. \n\nTOTOLINK X2000R has a buffer overflow vulnerability. The vulnerability is caused by the function formPasswordSetup failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-51135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024372"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15339"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-51135",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024372",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15339",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024372"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51135"
          }
        ]
      },
      "id": "VAR-202312-2564",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15339"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15339"
          }
        ]
      },
      "last_update_date": "2025-07-12T23:01:27.950000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024372"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51135"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/29/1.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-51135"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024372"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51135"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024372"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51135"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15339"
          },
          {
            "date": "2024-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-024372"
          },
          {
            "date": "2023-12-30T16:15:44.910000",
            "db": "NVD",
            "id": "CVE-2023-51135"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15339"
          },
          {
            "date": "2024-01-31T04:38:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-024372"
          },
          {
            "date": "2024-01-05T18:31:15.977000",
            "db": "NVD",
            "id": "CVE-2023-51135"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0x2000r\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024372"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202401-2292

    Vulnerability from variot - Updated: 2025-07-10 23:06

    TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. TOTOLINK of x2000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a WiFi 6 router launched by China Jiong Electronics. It supports Easy Mesh function and provides Gigabit network connection and VPN service. The vulnerability is caused by the failure of sub_449040 in /bin/boa to properly filter special characters and commands in the construction command. Attackers can exploit this vulnerability to cause arbitrary command execution

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202401-2292",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "2.0.0-b20230727.10434"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "x2000r  firmware  2.0.0-b20230727.10434"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r x2000r v2 2.0.0-b20230727.10434",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15327"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001894"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-22529"
          }
        ]
      },
      "cve": "CVE-2024-22529",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-15327",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-22529",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2024-22529",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-22529",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-22529",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-22529",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15327",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15327"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001894"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-22529"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-22529"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. TOTOLINK of x2000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a WiFi 6 router launched by China Jiong Electronics. It supports Easy Mesh function and provides Gigabit network connection and VPN service. The vulnerability is caused by the failure of sub_449040 in /bin/boa to properly filter special characters and commands in the construction command. Attackers can exploit this vulnerability to cause arbitrary command execution",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-22529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001894"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15327"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-22529",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001894",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15327",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15327"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001894"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-22529"
          }
        ]
      },
      "id": "VAR-202401-2292",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15327"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15327"
          }
        ]
      },
      "last_update_date": "2025-07-10T23:06:58.845000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001894"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-22529"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/unpwn4bl3/iot-security/blob/main/29.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-22529"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15327"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001894"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-22529"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15327"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001894"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-22529"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15327"
          },
          {
            "date": "2024-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001894"
          },
          {
            "date": "2024-01-25T16:15:08.960000",
            "db": "NVD",
            "id": "CVE-2024-22529"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15327"
          },
          {
            "date": "2024-02-07T02:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001894"
          },
          {
            "date": "2025-06-04T22:15:24.783000",
            "db": "NVD",
            "id": "CVE-2024-22529"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0x2000r\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001894"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202312-2654

    Vulnerability from variot - Updated: 2025-07-10 22:57

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. TOTOLINK of x2000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a wireless router produced by China's TOTOLINK Electronics.

    TOTOLINK X2000R has a buffer overflow vulnerability. The vulnerability is caused by the function formRebootSchedule failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202312-2654",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948.web"
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "x2000r  firmware  1.0.0-b20230221.0948.web"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r gh v1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024373"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51136"
          }
        ]
      },
      "cve": "CVE-2023-51136",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-15338",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-51136",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-51136",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-51136",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-51136",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15338",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024373"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51136"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. TOTOLINK of x2000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a wireless router produced by China\u0027s TOTOLINK Electronics. \n\nTOTOLINK X2000R has a buffer overflow vulnerability. The vulnerability is caused by the function formRebootSchedule failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-51136"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024373"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15338"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-51136",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024373",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15338",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024373"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51136"
          }
        ]
      },
      "id": "VAR-202312-2654",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15338"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15338"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:57:14.140000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024373"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51136"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/28/1.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-51136"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024373"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51136"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024373"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51136"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15338"
          },
          {
            "date": "2024-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-024373"
          },
          {
            "date": "2023-12-30T16:15:44.957000",
            "db": "NVD",
            "id": "CVE-2023-51136"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15338"
          },
          {
            "date": "2024-01-31T04:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-024373"
          },
          {
            "date": "2024-01-05T18:30:58.837000",
            "db": "NVD",
            "id": "CVE-2023-51136"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0x2000r\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024373"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202403-1743

    Vulnerability from variot - Updated: 2025-07-10 22:48

    TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. TOTOLINK of x2000r Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. TOTOLINK X2000R is a wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary Web scripts or HTML by injecting carefully designed payloads

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202403-1743",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20231213.1013"
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "x2000r  firmware  1.0.0-b20231213.1013"
          },
          {
            "model": "x2000r 1.0.0-b20231213.1013",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020073"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28401"
          }
        ]
      },
      "cve": "CVE-2024-28401",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-15321",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2024-28401",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2024-28401",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-28401",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-28401",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-28401",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15321",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020073"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28401"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28401"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. TOTOLINK of x2000r Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. TOTOLINK X2000R is a wireless router from China\u0027s TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary Web scripts or HTML by injecting carefully designed payloads",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-28401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020073"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15321"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-28401",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020073",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15321",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020073"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28401"
          }
        ]
      },
      "id": "VAR-202403-1743",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15321"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15321"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:48:30.918000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020073"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28401"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/x2000r/xss_1_root_access_control/xss.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28401"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020073"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28401"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020073"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-28401"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15321"
          },
          {
            "date": "2025-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020073"
          },
          {
            "date": "2024-03-15T17:15:08.043000",
            "db": "NVD",
            "id": "CVE-2024-28401"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15321"
          },
          {
            "date": "2025-03-11T01:26:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020073"
          },
          {
            "date": "2025-03-28T19:15:21.033000",
            "db": "NVD",
            "id": "CVE-2024-28401"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0x2000r\u00a0 Cross-site scripting vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020073"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202401-0479

    Vulnerability from variot - Updated: 2025-07-10 22:47

    A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of x2000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a wireless router from China's TOTOLINK Electronics.

    Totolink X2000R has a buffer overflow vulnerability, which is caused by the function formTmultiAP in the file /bin/boa failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0479",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20221212.1452"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "x2000r  firmware  1.0.0-b20221212.1452"
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r 1.0.0-b20221212.1452",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001172"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-7222"
          }
        ]
      },
      "cve": "CVE-2023-7222",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CVE-2023-7222",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2025-15344",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-7222",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-7222",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-7222",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2023-7222",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-7222",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-7222",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15344",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001172"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-7222"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-7222"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of x2000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a wireless router from China\u0027s TOTOLINK Electronics. \n\nTotolink X2000R has a buffer overflow vulnerability, which is caused by the function formTmultiAP in the file /bin/boa failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-7222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001172"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15344"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-7222",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "249856",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001172",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15344",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001172"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-7222"
          }
        ]
      },
      "id": "VAR-202401-0479",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15344"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15344"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:47:09.687000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001172"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-7222"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/jylsec/vuldb/blob/main/totolink/x2000r/formtmultiap/readme.md"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?id.249856"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.249856"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-7222"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001172"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-7222"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001172"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-7222"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15344"
          },
          {
            "date": "2024-02-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001172"
          },
          {
            "date": "2024-01-09T16:15:43.693000",
            "db": "NVD",
            "id": "CVE-2023-7222"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15344"
          },
          {
            "date": "2024-02-01T01:54:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001172"
          },
          {
            "date": "2024-05-17T02:34:19.373000",
            "db": "NVD",
            "id": "CVE-2023-7222"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0x2000r\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001172"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202312-2638

    Vulnerability from variot - Updated: 2025-07-10 22:40

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. TOTOLINK of x2000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a wireless router produced by China's TOTOLINK Electronics.

    TOTOLINK X2000R has a buffer overflow vulnerability. The vulnerability is caused by the function formRoute failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202312-2638",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0-b20230221.0948.web"
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "x2000r  firmware  1.0.0-b20230221.0948.web"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "x2000r gh v1.0.0-b20230221.0948.web",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024371"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51133"
          }
        ]
      },
      "cve": "CVE-2023-51133",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-15340",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-51133",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-51133",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-51133",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-51133",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15340",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024371"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51133"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. TOTOLINK of x2000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a wireless router produced by China\u0027s TOTOLINK Electronics. \n\nTOTOLINK X2000R has a buffer overflow vulnerability. The vulnerability is caused by the function formRoute failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-51133"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024371"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15340"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-51133",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024371",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15340",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024371"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51133"
          }
        ]
      },
      "id": "VAR-202312-2638",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15340"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15340"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:40:11.215000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024371"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51133"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/xyiym/digging/blob/main/totolink/x2000r/26/1.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-51133"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024371"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51133"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024371"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-51133"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15340"
          },
          {
            "date": "2024-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-024371"
          },
          {
            "date": "2023-12-30T16:15:44.863000",
            "db": "NVD",
            "id": "CVE-2023-51133"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15340"
          },
          {
            "date": "2024-01-31T04:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-024371"
          },
          {
            "date": "2024-01-05T18:31:33.190000",
            "db": "NVD",
            "id": "CVE-2023-51133"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0x2000r\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024371"
          }
        ],
        "trust": 0.8
      }
    }

    CVE-2025-9577 (GCVE-0-2025-9577)

    Vulnerability from nvd – Published: 2025-08-28 18:32 – Updated: 2025-08-28 18:41
    VLAI
    Title
    TOTOLINK X2000R Administrative shadow.sample default credentials
    Summary
    A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    TOTOLINK X2000R Affected: 2.0
    Create a notification for this product.
    Credits
    lxyilu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9577",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-28T18:41:00.764851Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-28T18:41:04.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#steps-to-reproduce"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "X2000R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "lxyilu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK X2000R bis 2.0.0 ist eine Schwachstelle entdeckt worden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /etc/shadow.sample der Komponente Administrative Interface. Die Bearbeitung verursacht use of default credentials. Der Angriff hat dabei lokal zu erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1,
                "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T18:32:07.573Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-321691 | TOTOLINK X2000R Administrative shadow.sample default credentials",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.321691"
            },
            {
              "name": "VDB-321691 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.321691"
            },
            {
              "name": "Submit #636069 | TOTOLINK Wi-Fi 6 Router X2000R-Gh-V2.0.0 Insecure Storage of Sensitive Information",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.636069"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#steps-to-reproduce"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-28T13:17:14.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK X2000R Administrative shadow.sample default credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9577",
        "datePublished": "2025-08-28T18:32:07.573Z",
        "dateReserved": "2025-08-28T11:12:10.995Z",
        "dateUpdated": "2025-08-28T18:41:04.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-8181 (GCVE-0-2025-8181)

    Vulnerability from nvd – Published: 2025-07-26 07:02 – Updated: 2025-07-28 15:05
    VLAI
    Title
    TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Credits
    TPCchecker (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8181",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-28T15:05:38.418732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-28T15:05:51.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "FTP Service"
              ],
              "product": "N600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.1"
                }
              ]
            },
            {
              "modules": [
                "FTP Service"
              ],
              "product": "X2000R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TPCchecker (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in TOTOLINK N600R and X2000R 1.0.0.1 gefunden. Es betrifft eine unbekannte Funktion der Datei vsftpd.conf der Komponente FTP Service. Durch die Manipulation mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-26T07:02:07.845Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-317595 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.317595"
            },
            {
              "name": "VDB-317595 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.317595"
            },
            {
              "name": "Submit #621966 | TOTOLINK N600R V4.3.0 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.621966"
            },
            {
              "name": "Submit #621968 | TOTOLINK X2000R V1.0.0 Misconfiguration (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.621968"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-25T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-25T10:29:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8181",
        "datePublished": "2025-07-26T07:02:07.845Z",
        "dateReserved": "2025-07-25T08:22:27.222Z",
        "dateUpdated": "2025-07-28T15:05:51.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9577 (GCVE-0-2025-9577)

    Vulnerability from cvelistv5 – Published: 2025-08-28 18:32 – Updated: 2025-08-28 18:41
    VLAI
    Title
    TOTOLINK X2000R Administrative shadow.sample default credentials
    Summary
    A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    TOTOLINK X2000R Affected: 2.0
    Create a notification for this product.
    Credits
    lxyilu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9577",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-28T18:41:00.764851Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-28T18:41:04.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#steps-to-reproduce"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "X2000R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "lxyilu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK X2000R bis 2.0.0 ist eine Schwachstelle entdeckt worden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /etc/shadow.sample der Komponente Administrative Interface. Die Bearbeitung verursacht use of default credentials. Der Angriff hat dabei lokal zu erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1,
                "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T18:32:07.573Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-321691 | TOTOLINK X2000R Administrative shadow.sample default credentials",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.321691"
            },
            {
              "name": "VDB-321691 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.321691"
            },
            {
              "name": "Submit #636069 | TOTOLINK Wi-Fi 6 Router X2000R-Gh-V2.0.0 Insecure Storage of Sensitive Information",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.636069"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#steps-to-reproduce"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-28T13:17:14.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK X2000R Administrative shadow.sample default credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9577",
        "datePublished": "2025-08-28T18:32:07.573Z",
        "dateReserved": "2025-08-28T11:12:10.995Z",
        "dateUpdated": "2025-08-28T18:41:04.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-8181 (GCVE-0-2025-8181)

    Vulnerability from cvelistv5 – Published: 2025-07-26 07:02 – Updated: 2025-07-28 15:05
    VLAI
    Title
    TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Credits
    TPCchecker (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8181",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-28T15:05:38.418732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-28T15:05:51.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "FTP Service"
              ],
              "product": "N600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.1"
                }
              ]
            },
            {
              "modules": [
                "FTP Service"
              ],
              "product": "X2000R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TPCchecker (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in TOTOLINK N600R and X2000R 1.0.0.1 gefunden. Es betrifft eine unbekannte Funktion der Datei vsftpd.conf der Komponente FTP Service. Durch die Manipulation mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-26T07:02:07.845Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-317595 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.317595"
            },
            {
              "name": "VDB-317595 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.317595"
            },
            {
              "name": "Submit #621966 | TOTOLINK N600R V4.3.0 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.621966"
            },
            {
              "name": "Submit #621968 | TOTOLINK X2000R V1.0.0 Misconfiguration (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.621968"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-25T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-25T10:29:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8181",
        "datePublished": "2025-07-26T07:02:07.845Z",
        "dateReserved": "2025-07-25T08:22:27.222Z",
        "dateUpdated": "2025-07-28T15:05:51.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }