Stack Overflow Vulnerability in TOTOLINK CP900L Router
CVE-2024-35400

5.3MEDIUM

Key Information:

Vendor: TOTOLINK
Status: Cp900l Firmware
Vendor: CVE Published:; 28 May 2024

Summary

A stack overflow issue has been identified in the TOTOLINK CP900L router, specifically in version 4.1.5cu.798_B20221228. This vulnerability arises from improper handling of the 'desc' parameter within the SetPortForwardRules function, allowing potential attackers to execute malicious payloads. Exploitation of this vulnerability may compromise the router's security, leading to unauthorized access or manipulation of the device's settings.

References

http://totolink.com

https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 28, 2024