Buffer Overflow Vulnerability in TOTOLINK A3300R
CVE-2024-7331

8.8HIGH

Key Information:

Vendor: Totolink
Status: A3300r
Vendor: CVE Published:; 1 August 2024

Badges

👾 Exploit Exists

What is CVE-2024-7331?

A critical buffer overflow vulnerability has been identified in the TOTOLINK A3300R router within the UploadCustomModule function located at /cgi-bin/cstecgi.cgi. This vulnerability stems from improper handling of input parameters, where the argument 'File' can be manipulated, allowing for remote code execution through a buffer overflow exploit. The flaw can be exploited without user authentication, putting affected devices at significant risk. The vendor has been notified about the issue but has yet to respond or provide a fix. Users of the affected versions are advised to take precautionary measures to secure their devices.

Affected Version(s)

A3300R 17.0.0cu.557_B20221024

References

https://vuldb.com/?id.273254

vdb-entrytechnical-description

https://vuldb.com/?ctiid.273254

signaturepermissions-required

https://vuldb.com/?submit.378351

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2024
👾
Exploit known to exist
Jul 31, 2024

Credit

yhryhryhr_miemie (VulDB User)

Totolink

Badges

What is CVE-2024-7331?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit