ID

VAR-202310-2141


CVE

CVE-2023-46556


TITLE

TOTOLINK X2000R Gh formFilter method buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-15604

DESCRIPTION

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. TOTOLINK X2000R Gh is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the formFilter method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2023-46556 // CNVD: CNVD-2025-15604

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15604

AFFECTED PRODUCTS

vendor: totolink, model: x2000r, scope: eq, version: 1.0.0-b20230221.0948

Trust: 1.0

vendor: totolink, model: x2000r gh 1.0.0-b20230221.0948.web, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15604 // NVD: CVE-2023-46556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-46556
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-46556
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-15604
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15604
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-46556
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-46556
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-15604 // NVD: CVE-2023-46556 // NVD: CVE-2023-46556

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

sources: NVD: CVE-2023-46556

PATCH

title: Patch for TOTOLINK X2000R Gh formFilter method buffer overflow vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/707596

Trust: 0.6

sources: CNVD: CNVD-2025-15604

EXTERNAL IDS

db: NVD, id: CVE-2023-46556

Trust: 1.6

db: CNVD, id: CNVD-2025-15604

Trust: 0.6

sources: CNVD: CNVD-2025-15604 // NVD: CVE-2023-46556

REFERENCES

url: https://github.com/xyiym/digging/blob/main/totolink/x2000r/4/1.md

Trust: 1.0

url: https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2023-46556

Trust: 0.6

sources: CNVD: CNVD-2025-15604 // NVD: CVE-2023-46556

SOURCES

db: CNVD, id: CNVD-2025-15604
db: NVD, id: CVE-2023-46556

LAST UPDATE DATE

2025-07-13T23:45:17.373000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-15604, date: 2025-07-11T00:00:00
db: NVD, id: CVE-2023-46556, date: 2024-09-11T16:35:33.430

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-15604, date: 2025-07-11T00:00:00
db: NVD, id: CVE-2023-46556, date: 2023-10-25T18:17:39.410