Sign-up

ID

VAR-202310-2550


CVE

CVE-2023-46564


TITLE

TOTOLINK X2000R Gh formDMZ method buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-15602

DESCRIPTION

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. TOTOLINK X2000R Gh is a wireless router from China's TOTOLINK Electronics. TOTOLINK X2000R Gh has a buffer overflow vulnerability, which is caused by the formDMZ method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 1.44

sources: NVD: CVE-2023-46564 // CNVD: CNVD-2025-15602

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15602

AFFECTED PRODUCTS

vendor:totolinkmodel:x2000rscope:eqversion:1.0.0-b20230221.0948

Trust: 1.0

vendor:totolinkmodel:x2000r gh 1.0.0-b20230221.0948.webscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15602 // NVD: CVE-2023-46564

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-46564
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-46564
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-15602
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15602
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-46564
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-46564
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-15602 // NVD: CVE-2023-46564 // NVD: CVE-2023-46564

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2023-46564

PATCH

title:Patch for TOTOLINK X2000R Gh formDMZ method buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/707586

Trust: 0.6

sources: CNVD: CNVD-2025-15602

EXTERNAL IDS

db:NVDid:CVE-2023-46564

Trust: 1.6

db:CNVDid:CNVD-2025-15602

Trust: 0.6

sources: CNVD: CNVD-2025-15602 // NVD: CVE-2023-46564

REFERENCES

url:https://github.com/xyiym/digging/blob/main/totolink/x2000r/6/1.md

Trust: 1.6

url:https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36

Trust: 1.0

sources: CNVD: CNVD-2025-15602 // NVD: CVE-2023-46564

SOURCES

db:CNVDid:CNVD-2025-15602
db:NVDid:CVE-2023-46564

LAST UPDATE DATE

2025-07-13T23:48:29.896000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-15602date:2025-07-11T00:00:00
db:NVDid:CVE-2023-46564date:2024-09-11T15:35:08.437

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-15602date:2025-07-11T00:00:00
db:NVDid:CVE-2023-46564date:2023-10-25T18:17:39.723