Buffer Overflow Vulnerability in TOTOLINK EX1200L Router Firmware
CVE-2024-7338
8.8HIGH
What is CVE-2024-7338?
A severe buffer overflow vulnerability has been identified in the TOTOLINK EX1200L router, specifically within the setParentalRules function located in the /cgi-bin/cstecgi.cgi file. This vulnerability is triggered by manipulating the week, sTime, or eTime arguments. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code on the router, potentially allowing for the complete takeover of the device. This critical issue has been publicized, raising concerns about its exploitation in the wild. TOTOLINK has been notified of this vulnerability but has not provided any response or mitigation guidance.
Affected Version(s)
EX1200L 9.3.5u.6146_B20201023