Buffer Overflow Vulnerability in TOTOLINK A3300R
CVE-2024-7331

8.8HIGH

Key Information:

Vendor
Totolink
Status
A3300r
Vendor
CVE Published:
1 August 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A critical buffer overflow vulnerability has been identified in the TOTOLINK A3300R router within the UploadCustomModule function located at /cgi-bin/cstecgi.cgi. This vulnerability stems from improper handling of input parameters, where the argument 'File' can be manipulated, allowing for remote code execution through a buffer overflow exploit. The flaw can be exploited without user authentication, putting affected devices at significant risk. The vendor has been notified about the issue but has yet to respond or provide a fix. Users of the affected versions are advised to take precautionary measures to secure their devices.

Affected Version(s)

A3300R 17.0.0cu.557_B20221024

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7331 - Proof of Concept

References

https://vuldb.com/?id.273254
vdb-entrytechnical-description
https://vuldb.com/?ctiid.273254
signaturepermissions-required
https://vuldb.com/?submit.378351
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

Credit

yhryhryhr_miemie (VulDB User)
.