ID

VAR-202310-2645


CVE

CVE-2023-46563


TITLE

TOTOLINK X2000R Gh formIpQoS method stack buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-30276

DESCRIPTION

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. The TOTOLINK X2000R Gh is a Wi-Fi 6 router launched by TOTOLINK, a Chinese electronics company. This vulnerability stems from the formIpQoS method failing to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack.

Trust: 1.44

sources: NVD: CVE-2023-46563 // CNVD: CNVD-2025-30276

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-30276

AFFECTED PRODUCTS

vendor: totolink
model: x2000r
scope: eq
version: 1.0.0-b20230221.0948

Trust: 1.0

vendor: totolink
model: x2000r gh 1.0.0-b20230221.0948.web
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2025-30276 // NVD: CVE-2023-46563

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-46563
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-46563
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-30276
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-30276
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-46563
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-46563
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-30276 // NVD: CVE-2023-46563 // NVD: CVE-2023-46563

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2023-46563

PATCH

title: Patch for TOTOLINK X2000R Gh formIpQoS method stack buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/778511

Trust: 0.6

sources: CNVD: CNVD-2025-30276

EXTERNAL IDS

db: NVD, id: CVE-2023-46563

Trust: 1.6

db: CNVD, id: CNVD-2025-30276

Trust: 0.6

sources: CNVD: CNVD-2025-30276 // NVD: CVE-2023-46563

REFERENCES

url: https://github.com/xyiym/digging/blob/main/totolink/x2000r/7/1.md

Trust: 1.6

url: https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36

Trust: 1.0

sources: CNVD: CNVD-2025-30276 // NVD: CVE-2023-46563

SOURCES

db: CNVD, id: CNVD-2025-30276
db: NVD, id: CVE-2023-46563

LAST UPDATE DATE

2025-12-19T22:44:45.429000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-30276, date: 2025-12-09T00:00:00
db: NVD, id: CVE-2023-46563, date: 2024-09-11T16:35:38.173

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-30276, date: 2025-12-08T00:00:00
db: NVD, id: CVE-2023-46563, date: 2023-10-25T18:17:39.683