Buffer Overflow Vulnerability in TOTOLINK EX1200L Router Firmware
CVE-2024-7338

8.8HIGH

Key Information:

Vendor: Totolink
Status: Ex1200l
Vendor: CVE Published:; 1 August 2024

Badges

👾 Exploit Exists

What is CVE-2024-7338?

A severe buffer overflow vulnerability has been identified in the TOTOLINK EX1200L router, specifically within the setParentalRules function located in the /cgi-bin/cstecgi.cgi file. This vulnerability is triggered by manipulating the week, sTime, or eTime arguments. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code on the router, potentially allowing for the complete takeover of the device. This critical issue has been publicized, raising concerns about its exploitation in the wild. TOTOLINK has been notified of this vulnerability but has not provided any response or mitigation guidance.

Affected Version(s)

EX1200L 9.3.5u.6146_B20201023

References

https://vuldb.com/?id.273261

vdb-entrytechnical-description

https://vuldb.com/?ctiid.273261

signaturepermissions-required

https://vuldb.com/?submit.379316

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 1, 2024
Vulnerability published
Aug 1, 2024
Vulnerability Reserved
Jul 31, 2024

Credit

yhryhryhr_tu (VulDB User)

Totolink

Badges

What is CVE-2024-7338?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit