CVE-2023-7208 - OpenCVE

A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Totolink	X2000r X2000r Firmware

Configuration 1 [-]

AND

cpe:2.3:o:totolink:x2000r_firmware:2.0.0-b20230727.10434:*:*:*:*:*:*:*

cpe:2.3:h:totolink:x2000r:v2:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/unpWn4bL3/iot-security/blob/main/13.md
https://vuldb.com/?ctiid.249742
https://vuldb.com/?id.249742

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-01-07T07:00:05.477Z

Updated: 2024-08-02T08:57:34.118Z

Reserved: 2024-01-05T09:20:03.714Z

Link: CVE-2023-7208

Vulnrichment

Updated: 2024-08-02T08:57:34.118Z

NVD

Status : Modified

Published: 2024-01-07T07:15:07.777

Modified: 2024-05-17T02:34:17.903

Link: CVE-2023-7208

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7208", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-05T09:20:03.714Z", "datePublished": "2024-01-07T07:00:05.477Z", "dateUpdated": "2024-08-02T08:57:34.118Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-01-07T07:00:05.477Z"}, "title": "Totolink X2000R_V2 boa formTmultiAP buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Overflow"}]}], "affected": [{"vendor": "Totolink", "product": "X2000R_V2", "versions": [{"version": "2.0.0-B20230727.10434", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Totolink X2000R_V2 2.0.0-B20230727.10434 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formTmultiAP der Datei /bin/boa. Durch das Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "timeline": [{"time": "2024-01-05T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-05T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-05T10:25:16.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "unpWn4bl3 (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.249742", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.249742", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/unpWn4bL3/iot-security/blob/main/13.md", "tags": ["related"]}]}, "adp": [{"affected": [{"vendor": "totolink", "product": "x2000r_firmware", "cpes": ["cpe:2.3:o:totolink:x2000r_firmware:2.0.0-b20230727.10434:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0.0-b20230727.10434", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-29T16:00:41.450967Z", "id": "CVE-2023-7208", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T16:58:12.358Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:34.118Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.249742", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.249742", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/unpWn4bL3/iot-security/blob/main/13.md", "tags": ["related", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.249742", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.249742", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/unpWn4bL3/iot-security/blob/main/13.md", "tags": ["related", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:34.118Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7208", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-29T16:00:41.450967Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:totolink:x2000r_firmware:2.0.0-b20230727.10434:*:*:*:*:*:*:*"], "vendor": "totolink", "product": "x2000r_firmware", "versions": [{"status": "affected", "version": "2.0.0-b20230727.10434"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T16:22:13.701Z"}}], "cna": {"title": "Totolink X2000R_V2 boa formTmultiAP buffer overflow", "credits": [{"lang": "en", "type": "analyst", "value": "unpWn4bl3 (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "affected": [{"vendor": "Totolink", "product": "X2000R_V2", "versions": [{"status": "affected", "version": "2.0.0-B20230727.10434"}]}], "timeline": [{"lang": "en", "time": "2024-01-05T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-01-05T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-01-05T10:25:16.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.249742", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.249742", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/unpWn4bL3/iot-security/blob/main/13.md", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Totolink X2000R_V2 2.0.0-B20230727.10434 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formTmultiAP der Datei /bin/boa. Durch das Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Overflow"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-01-07T07:00:05.477Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7208", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:57:34.118Z", "dateReserved": "2024-01-05T09:20:03.714Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-01-07T07:00:05.477Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:x2000r_firmware:2.0.0-b20230727.10434:*:*:*:*:*:*:*", "matchCriteriaId": "2DC1EF3D-D4D0-4793-9418-0C12884718CC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:x2000r:v2:*:*:*:*:*:*:*", "matchCriteriaId": "E04390BE-A47B-4821-8552-42035775A2FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Totolink X2000R_V2 2.0.0-B20230727.10434 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n formTmultiAP del archivo /bin/boa. La manipulaci\u00f3n provoca un desbordamiento de b\u00fafer. VDB-249742 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2023-7208", "lastModified": "2024-05-17T02:34:17.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-01-07T07:15:07.777", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/unpWn4bL3/iot-security/blob/main/13.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.249742"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.249742"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Secondary"}]}