Buffer Overflow in TOTOLINK A3600R Router Firmware
CVE-2024-7173

8.8HIGH

Key Information:

Vendor: TOTOLINK
Status: A3600r Firmware
Vendor: CVE Published:; 29 July 2024

What is CVE-2024-7173?

A critical buffer overflow vulnerability has been identified in the TOTOLINK A3600R router firmware, specifically in the loginauth function accessed through the cgi-bin/cstecgi.cgi file. This flaw arises from improper handling of input arguments, namely 'password' and 'http_host', allowing for a malicious actor to exploit the vulnerability remotely. The lack of vendor response to disclosed reports raises concerns regarding timely patching, emphasizing the need for users to be vigilant about securing their devices against potential attacks. Users of the affected firmware are strongly encouraged to apply necessary updates or implement additional security measures to safeguard their network.

References

https://vuldb.com/?id.272594

https://vuldb.com/?ctiid.272594

https://vuldb.com/?submit.378040

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2024