Buffer Overflow Vulnerability in TOTOLINK A7000R
CVE-2024-7212

8.8 HIGH

Key Information:

Vendor: TOTOLINK
CVE Published: 30 July 2024

Summary

A significant buffer overflow vulnerability has been identified in the TOTOLINK A7000R router, specifically affecting version 9.1.0u.6268_B20220504. This vulnerability occurs in the loginauth function of the cstecgi.cgi file, where improper handling of the password argument can lead to unintended memory access and potential remote code execution. As the issue has been publicly disclosed, it poses a risk to users who may be targeted through remote attacks. Given the lack of communication from the vendor following early disclosure, users are strongly advised to review their device configurations and implement necessary security measures immediately to mitigate the threat.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
