Security Vulnerability in TOTOLINK A3600R 4.1.2cu.5182 Could Allow Remote Exploitation
CVE-2024-7187

8.8HIGH

Key Information:

Vendor: Totolink
Status: A3600r
Vendor: CVE Published:; 29 July 2024

Badges

👾 Exploit Exists

What is CVE-2024-7187?

A buffer overflow vulnerability has been identified in the TOTOLINK A3600R Router, specifically within the UploadCustomModule function located in the /cgi-bin/cstecgi.cgi file. This vulnerability occurs due to improper handling of the File argument, which can be manipulated to cause a buffer overflow condition. Attackers can exploit this vulnerability remotely, potentially compromising the device's functionality and security. The vulnerability has been publicly disclosed, and the vendor has not acknowledged the issue despite early communication attempts. Users of the affected firmware version are advised to take necessary precautions to safeguard their devices.

Affected Version(s)

A3600R 4.1.2cu.5182_B20201102

References

https://vuldb.com/?id.272608

vdb-entrytechnical-description

https://vuldb.com/?ctiid.272608

signaturepermissions-required

https://vuldb.com/?submit.378291

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jul 29, 2024
Vulnerability published
Jul 29, 2024
Vulnerability Reserved
Jul 28, 2024

Credit

wxhwxhwxh_tutu (VulDB User)

Totolink

Badges

What is CVE-2024-7187?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit