Totolink LR1200GB cstecgi.cgi setLanguageCfg stack-based overflow
CVE-2024-0577
Key Information:
Badges
What is CVE-2024-0577?
A significant vulnerability exists in the Totolink LR1200GB router, specifically in version 9.1.0u.6619_B20230130. The vulnerability affects the function setLanguageCfg found in the /cgi-bin/cstecgi.cgi file, allowing for a stack-based buffer overflow due to improper handling of the 'lang' argument. This flaw can be exploited remotely, posing a serious risk to the security of the device and potentially allowing attackers to execute arbitrary code. The vulnerability has been publicly disclosed, and as a result, it is crucial for users of the affected product to assess their exposure and take necessary precautions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
LR1200GB 9.1.0u.6619_B20230130
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
CVSS V3.0
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved