PT-2024-1579 · Totolink · Totolink X2000R

Jylsec · Published 2024-01-09 · Updated 2024-05-17 · CVE-2023-7222

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Totolink X2000R version 1.0.0-B20221212.1452

Description
A buffer overflow vulnerability exists in the formTmultiAP function of the /bin/boa file. Manipulation of the submit-url argument leads to the buffer overflow. The attack can be initiated remotely and allows an attacker to execute arbitrary code.

Recommendations
For Totolink X2000R version 1.0.0-B20221212.1452, as a temporary workaround, consider disabling the formTmultiAP function until a patch is available. Restrict access to the /bin/boa file to minimize the risk of exploitation. Avoid using the submit-url argument in the affected HTTP POST request handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-01141
CVE-2023-7222

Affected Products

Totolink X2000R