CVE 8.7 HIGH

Totolink X5000R formDdns sub_458E40 buffer overflow_CVE-2026-8137

May 8, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

AI Analysis

Buffer overflow vulnerability in Totolink X5000R via the sub_458E40 function in the /boafrm/formDdns file, allowing remote exploitation.

Basic Information

ID CVE-2026-8137

Source VulDB

Published May 8, 2026 at 04:00

Affected Product

Vendor Totolink

Product X5000R

Version 9.1.0u.6369_B20230113

Affected Versions Totolink X5000R 9.1.0u.6369_B20230113

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Totolink

Product X5000R

Version 9.1.0u.6369_B20230113

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.",
    "published": "2026-05-08T04:00:13.042Z",
    "modified": "2026-05-08T04:00:13.042Z",
    "type": "cve",
    "title": "Totolink X5000R formDdns sub_458E40 buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/361926\nhttps://vuldb.com/vuln/361926/cti\nhttps://vuldb.com/submit/808863\nhttps://github.com/Kiciot/cve/issues/4\nhttps://www.totolink.net/",
    "id": "CVE-2026-8137",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink X5000R 9.1.0u.6369_B20230113",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "X5000R",
    "version": "9.1.0u.6369_B20230113",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink X5000R via the sub_458E40 function in the /boafrm/formDdns file, allowing remote exploitation.",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "X5000R",
    "ai_version": "9.1.0u.6369_B20230113",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply