Description
A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Published: 2026-05-08
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow, identified as CWE-119 and CWE-120, occurs when an attacker manipulates the submit-url parameter in the formDdns component of Totolink X5000R firmware. The overflow allows arbitrary code execution on the device from a remote source, compromising confidentiality, integrity, and availability of the router.

Affected Systems

The vulnerability affects any Totolink X5000R router running firmware version 9.1.0u.6369_B20230113. No other vendor or product versions are listed.

Risk and Exploitability

The CVSS score of 8.7 indicates a high‑severity flaw. Although EPSS data is not available, the exploit is publicly disclosed and can be applied remotely, so the likelihood of exploitation is significant. The vulnerability is not yet in the CISA KEV catalog, but that does not reduce its risk.

Generated by OpenCVE AI on May 8, 2026 at 06:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update released by Totolink that patches sub_458E40.
  • If a patch is unavailable or delayed, block external access to the formDdns endpoint with a firewall or disable the DDNS service.
  • Enforce strict input validation and consider a web application firewall to detect and block malformed submit-url requests.

Generated by OpenCVE AI on May 8, 2026 at 06:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 08 May 2026 06:45:00 +0000

Type Values Removed Values Added
First Time appeared Totolink x5000r
Vendors & Products Totolink x5000r

Fri, 08 May 2026 05:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Title Totolink X5000R formDdns sub_458E40 buffer overflow
First Time appeared Totolink
Totolink x5000r Firmware
Weaknesses CWE-119
CWE-120
CPEs cpe:2.3:o:totolink:x5000r_firmware:*:*:*:*:*:*:*:*
Vendors & Products Totolink
Totolink x5000r Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Totolink X5000r X5000r Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-08T12:55:48.365Z

Reserved: 2026-05-07T17:56:23.727Z

Link: CVE-2026-8137

cve-icon Vulnrichment

Updated: 2026-05-08T12:55:33.735Z

cve-icon NVD

Status : Received

Published: 2026-05-08T05:16:11.620

Modified: 2026-05-08T05:16:11.620

Link: CVE-2026-8137

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T07:00:04Z

Weaknesses