Buffer Overflow Vulnerability in TOTOLINK EX1200L Router Firmware
CVE-2024-7338

8.8HIGH

Key Information:

Vendor

Totolink
Status
Ex1200l
Vendor
CVE Published:
1 August 2024

Badges

👾 Exploit Exists

What is CVE-2024-7338?

A severe buffer overflow vulnerability has been identified in the TOTOLINK EX1200L router, specifically within the setParentalRules function located in the /cgi-bin/cstecgi.cgi file. This vulnerability is triggered by manipulating the week, sTime, or eTime arguments. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code on the router, potentially allowing for the complete takeover of the device. This critical issue has been publicized, raising concerns about its exploitation in the wild. TOTOLINK has been notified of this vulnerability but has not provided any response or mitigation guidance.

Affected Version(s)

EX1200L 9.3.5u.6146_B20201023

References

https://vuldb.com/?id.273261
vdb-entrytechnical-description
https://vuldb.com/?ctiid.273261
signaturepermissions-required
https://vuldb.com/?submit.379316
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

yhryhryhr_tu (VulDB User)
JSON
.