Exploitable Stack-Based Buffer Overflow in TOTOLINK EX1800T Firmware
CVE-2024-12352

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: Ex1800t
Vendor: CVE Published:; 9 December 2024

Badges

👾 Exploit Exists

What is CVE-2024-12352?

CVE-2024-12352 is a high-risk vulnerability identified in the TOTOLINK EX1800T router's firmware version 9.1.0cu.2112_B20220316. This critical flaw exists within the function sub_40662C of the CGI script located at /cgi-bin/cstecgi.cgi. It allows attackers to manipulate the 'ssid' argument and trigger a stack-based buffer overflow, potentially enabling remote execution of arbitrary code. Given that the exploit has been publicly disclosed, it poses a significant threat to network integrity and user data security. Users are advised to apply relevant security patches and monitor for any suspicious activity.

Affected Version(s)

EX1800T 9.1.0cu.2112_B20220316

References

https://vuldb.com/?id.287272

vdb-entrytechnical-description

https://vuldb.com/?ctiid.287272

signaturepermissions-required

https://vuldb.com/?submit.457392

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Dec 9, 2024
Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Dec 8, 2024

Credit

zhangzheng (VulDB User)

Totolink

Badges

What is CVE-2024-12352?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit