Buffer Overflow Weakness in TOTOLINK A3600R Devices
CVE-2024-7177

8.8HIGH

Key Information:

Vendor: Totolink
Status: A3600r
Vendor: CVE Published:; 29 July 2024

Badges

👾 Exploit Exists

What is CVE-2024-7177?

A critical buffer overflow vulnerability has been identified in the TOTOLINK A3600R router, specifically in the setLanguageCfg function located in the /cgi-bin/cstecgi.cgi file. This flaw arises from improper handling of the langType argument, allowing an attacker to exploit the vulnerability remotely. If successfully executed, this exploit could lead to unauthorized access and control over the affected device. Public disclosure of the vulnerability has occurred, underlining the urgent need for users to apply necessary patches and mitigations. Notably, the vendor has not responded to early disclosure attempts, emphasizing the importance of proactive security measures.

Affected Version(s)

A3600R 4.1.2cu.5182_B20201102

References

https://vuldb.com/?id.272598

vdb-entrytechnical-description

https://vuldb.com/?ctiid.272598

signaturepermissions-required

https://vuldb.com/?submit.378044

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jul 29, 2024
Vulnerability published
Jul 29, 2024
Vulnerability Reserved
Jul 28, 2024

Credit

wxhwxhwxh_mie (VulDB User)

Totolink

Badges

What is CVE-2024-7177?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit