Buffer Overflow Vulnerability Detected in TOTOLINK A7000R Router
CVE-2024-7213

8.8HIGH

Key Information:

Vendor: TOTOLINK
Status: A7000r Firmware
Vendor: CVE Published:; 30 July 2024

What is CVE-2024-7213?

A critical buffer overflow vulnerability has been identified in the TOTOLINK A7000R router, affecting version 9.1.0u.6268_B20220504. The issue lies within the setWizardCfg function located in the /cgi-bin/cstecgi.cgi file. By manipulating the argument 'ssid', an attacker can exploit this vulnerability remotely, potentially compromising the device's security. This exploit has already been made public, raising significant concerns regarding its potential use in cyberattacks. Notably, the vendor has not responded to prior disclosures of this issue, emphasizing the need for immediate action by users to secure their devices.

References

https://vuldb.com/?id.272784

https://vuldb.com/?ctiid.272784

https://vuldb.com/?submit.378313

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2024