CVE-2023-36947
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila a través del parámetro File en la función UploadCustomModule.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-28 CVE Reserved
- 2023-10-16 CVE Published
- 2024-09-12 CVE Updated
- 2024-09-12 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/UploadCustomModule.md | 2024-09-12 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Totolink Search vendor "Totolink" | X5000r Firmware Search vendor "Totolink" for product "X5000r Firmware" | 9.1.0u.6118_b20201102 Search vendor "Totolink" for product "X5000r Firmware" and version "9.1.0u.6118_b20201102" | - |
Affected
| in | Totolink Search vendor "Totolink" | X5000r Search vendor "Totolink" for product "X5000r" | - | - |
Safe
|
| Totolink Search vendor "Totolink" | A7000r Firmware Search vendor "Totolink" for product "A7000r Firmware" | 9.1.0u.6115_b20201022 Search vendor "Totolink" for product "A7000r Firmware" and version "9.1.0u.6115_b20201022" | - |
Affected
| in | Totolink Search vendor "Totolink" | A7000r Search vendor "Totolink" for product "A7000r" | - | - |
Safe
|