Sign-up

ID

VAR-202310-1381


CVE

CVE-2023-46552


TITLE

TOTOLINK X2000R Gh formMultiAP method buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-23743

DESCRIPTION

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities. The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMultiAP method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 1.53

sources: NVD: CVE-2023-46552 // CNVD: CNVD-2025-23743 // VULMON: CVE-2023-46552

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-23743

AFFECTED PRODUCTS

vendor:totolinkmodel:x2000rscope:eqversion:1.0.0-b20230221.0948

Trust: 1.0

vendor:totolinkmodel:x2000r gh 1.0.0-b20230221.0948.webscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-23743 // NVD: CVE-2023-46552

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-46552
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-46552
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-23743
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-23743
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-46552
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-46552
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-23743 // NVD: CVE-2023-46552 // NVD: CVE-2023-46552

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2023-46552

PATCH

title:Patch for TOTOLINK X2000R Gh formMultiAP method buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/740951

Trust: 0.6

sources: CNVD: CNVD-2025-23743

EXTERNAL IDS

db:NVDid:CVE-2023-46552

Trust: 1.7

db:CNVDid:CNVD-2025-23743

Trust: 0.6

db:VULMONid:CVE-2023-46552

Trust: 0.1

sources: CNVD: CNVD-2025-23743 // VULMON: CVE-2023-46552 // NVD: CVE-2023-46552

REFERENCES

url:https://github.com/xyiym/digging/blob/main/totolink/x2000r/19/1.md

Trust: 1.7

url:https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36

Trust: 1.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2025-23743 // VULMON: CVE-2023-46552 // NVD: CVE-2023-46552

SOURCES

db:CNVDid:CNVD-2025-23743
db:VULMONid:CVE-2023-46552
db:NVDid:CVE-2023-46552

LAST UPDATE DATE

2025-10-16T23:52:33.113000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-23743date:2025-10-15T00:00:00
db:VULMONid:CVE-2023-46552date:2023-10-25T00:00:00
db:NVDid:CVE-2023-46552date:2024-09-11T16:35:30.173

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-23743date:2025-10-13T00:00:00
db:VULMONid:CVE-2023-46552date:2023-10-25T00:00:00
db:NVDid:CVE-2023-46552date:2023-10-25T18:17:39.227