Buffer Overflow in TOTOLINK CP450 Affects Remote Authentication
CVE-2024-7465
What is CVE-2024-7465?
A critical vulnerability has been identified in the TOTOLINK CP450 device, specifically within the authentication functionality located in the /cgi-bin/cstecgi.cgi file. This vulnerability arises from improper handling of the 'http_host' argument, enabling a malicious actor to exploit a buffer overflow flaw. The impact of this flaw allows attackers to launch remote access attacks, potentially compromising device security. Despite early disclosures to the vendor, there has been no response, raising concerns about the urgency of patch implementation and user vigilance. Organizations using the affected version are advised to take immediate measures to secure their devices against potential exploits.
Affected Version(s)
CP450 4.1.0cu.747_B20191224
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved