Stack Overflow Vulnerability in TOTOLINK CP900L
CVE-2024-35403

2.7LOW

Key Information:

Vendor: TOTOLINK
Status: Cp900l Firmware
Vendor: CVE Published:; 28 May 2024

What is CVE-2024-35403?

A stack overflow vulnerability exists in the TOTOLINK CP900L router, specifically affecting version v4.1.5cu.798_B20221228. The vulnerability arises from the improper handling of the 'desc' parameter within the 'setIpPortFilterRules' function. An attacker could exploit this weakness to execute arbitrary code or manipulate system functions, potentially compromising the device and the network it manages.

References

https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main...

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2024