Totolink N350RT cstecgi.cgi loginAuth stack-based overflow
CVE-2023-7218

7.2HIGH

Key Information:

Vendor: Totolink
Status: N350rt
Vendor: CVE Published:; 8 January 2024

What is CVE-2023-7218?

A vulnerability affecting the Totolink N350RT router allows for a stack-based buffer overflow due to improper handling of the password argument in the loginAuth function located in the /cgi-bin/cstecgi.cgi file. This issue could be exploited remotely, enabling attackers to compromise the device's security. The vendor was notified about the vulnerability before public disclosure but did not respond. Users of the affected router model should take immediate action to mitigate potential security risks.

Affected Version(s)

N350RT 9.3.5u.6139_B202012

References

https://vuldb.com/?id.249852

vdb-entrytechnical-description

https://vuldb.com/?ctiid.249852

signaturepermissions-required

https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT...

broken-link

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2024
Vulnerability Reserved
Jan 7, 2024

Credit

jylsec (VulDB User)

JSON