CVE-2023-36947

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000R version 9.1.0u.6118 B20201102 TOTOLINK A7000R version 9.1.0u.6115 B20201022

Description A stack overflow issue was discovered via the File parameter in the UploadCustomModule function. This issue affects the specified versions of TOTOLINK X5000R and TOTOLINK A7000R routers.

Recommendations For TOTOLINK X5000R version 9.1.0u.6118 B20201102, consider disabling the UploadCustomModule function until a patch is available. For TOTOLINK A7000R version 9.1.0u.6115 B20201022, restrict access to the UploadCustomModule function to minimize the risk of exploitation. Avoid using the File parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.