Stack Overflow Vulnerability in TOTOLINK CP900L
CVE-2024-35399

8.8HIGH

Key Information:

Vendor: TOTOLINK
Status: Cp900l Firmware
Vendor: CVE Published:; 28 May 2024

What is CVE-2024-35399?

The TOTOLINK CP900L is susceptible to a stack overflow due to an issue in the loginAuth function. This vulnerability occurs when the password parameter is processed, potentially allowing an attacker to exploit the system. An attacker can leverage this weakness to execute arbitrary code or cause a denial of service, therefore compromising the integrity and availability of the device. It is crucial for users of the affected product to assess their security strategies and apply any available mitigations.

References

http://totolink.com

https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2024