Vulnerabilities ›

CVE-2026-8137

High

CWE-119 — Weakness Type

                    Published: May 8, 2026                      ·  Modified: May 15, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

🤖 AI Executive Summary

A critical buffer overflow vulnerability exists in Totolik X5000R router firmware (version 9.1.0u.6369_B20230113) affecting the DDNS configuration function. The vulnerability allows remote attackers to execute arbitrary code by manipulating the submit-url parameter, with no patch currently available. This poses significant risk to Saudi organizations using this router model for network infrastructure and remote access.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 12, 2026 14:49

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi telecommunications providers (STC, Mobily, Zain), government agencies using Totolik routers for network infrastructure, and enterprises with remote office connectivity. Banking sector organizations using these routers for branch connectivity face elevated risk. The DDNS functionality is commonly used in Saudi organizations for remote management and VPN access, making this a critical exposure point. Energy sector (ARAMCO subsidiaries) and healthcare institutions relying on this equipment for network management are also at significant risk.

🏢 Affected Saudi Sectors

Telecommunications (STC, Mobily, Zain) Banking and Financial Services Government and Public Administration Energy (ARAMCO and subsidiaries) Healthcare Enterprise IT Infrastructure

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1499 - Endpoint Denial of Service T1059 - Command and Scripting Interpreter T1047 - Windows Management Instrumentation T1543 - Create or Modify System Process

⚖️ Saudi Risk Score (AI)

8.5

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Totolik X5000R devices in your network using asset discovery tools

2. Isolate affected routers from internet-facing positions if possible

3. Disable DDNS functionality immediately if not critical to operations

4. Implement network segmentation to restrict access to router management interfaces



COMPENSATING CONTROLS (until patch available):

5. Restrict access to /boafrm/formDdns endpoint using WAF/IPS rules

6. Implement strict input validation and length restrictions on submit-url parameter

7. Deploy IPS signatures blocking oversized DDNS requests

8. Monitor router logs for suspicious DDNS configuration attempts

9. Implement network-based detection: alert on POST requests to /boafrm/formDdns with submit-url parameter exceeding 256 bytes

10. Consider replacing affected routers with patched alternatives from vendor

11. Enable router authentication and disable remote management if possible

12. Implement rate limiting on DDNS configuration endpoints

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة Totolik X5000R في شبكتك باستخدام أدوات اكتشاف الأصول

2. عزل أجهزة التوجيه المتأثرة عن المواضع المواجهة للإنترنت إن أمكن

3. تعطيل وظيفة DDNS فوراً إذا لم تكن حرجة للعمليات

4. تنفيذ تقسيم الشبكة لتقييد الوصول إلى واجهات إدارة جهاز التوجيه



الضوابط التعويضية (حتى توفر التصحيح):

5. تقييد الوصول إلى نقطة نهاية /boafrm/formDdns باستخدام قواعد WAF/IPS

6. تنفيذ التحقق الصارم من المدخلات وقيود الطول على معامل submit-url

7. نشر توقيعات IPS لحجب طلبات DDNS الكبيرة

8. مراقبة سجلات جهاز التوجيه للمحاولات المريبة لتكوين DDNS

9. الكشف القائم على الشبكة: تنبيه على طلبات POST إلى /boafrm/formDdns مع معامل submit-url يتجاوز 256 بايت

10. النظر في استبدال أجهزة التوجيه المتأثرة ببدائل معدلة من البائع

11. تفعيل مصادقة جهاز التوجيه وتعطيل الإدارة البعيدة إن أمكن

12. تنفيذ تحديد معدل على نقاط نهاية تكوين DDNS

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.2.1 - Monitoring and logging of network activities

🔵 SAMA CSF

SAMA CSF ID.BE-5 - Organizational resilience SAMA CSF PR.IP-12 - Security patch management SAMA CSF DE.CM-1 - Network monitoring and anomaly detection

🟡 ISO 27001:2022

ISO 27001:2022 A.12.2.1 - Change management procedures ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.14.2.5 - Secure development environment

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security patch management PCI DSS 11.2 - Vulnerability scanning

🔗 References & Sources 5

🔗

https://github.com/Kiciot/cve/issues/4

cna@vuldb.com

🔗

https://vuldb.com/submit/808863

cna@vuldb.com

🔗

https://vuldb.com/vuln/361926

cna@vuldb.com

🔗

https://vuldb.com/vuln/361926/cti

cna@vuldb.com

🔗

https://www.totolink.net/

cna@vuldb.com

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.08%

Exploit No

Patch ✗ No

Published 2026-05-08

Source Feed nvd

🇸🇦 Saudi Risk Score

8.5

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-8137

Introduce Yourself

Sign In Required