Buffer Overflow in TOTOLINK CP450 Affects Remote Authentication
CVE-2024-7465

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: Cp450
Vendor: CVE Published:; 5 August 2024

Badges

👾 Exploit Exists

What is CVE-2024-7465?

A critical vulnerability has been identified in the TOTOLINK CP450 device, specifically within the authentication functionality located in the /cgi-bin/cstecgi.cgi file. This vulnerability arises from improper handling of the 'http_host' argument, enabling a malicious actor to exploit a buffer overflow flaw. The impact of this flaw allows attackers to launch remote access attacks, potentially compromising device security. Despite early disclosures to the vendor, there has been no response, raising concerns about the urgency of patch implementation and user vigilance. Organizations using the affected version are advised to take immediate measures to secure their devices against potential exploits.

Affected Version(s)

CP450 4.1.0cu.747_B20191224

References

https://vuldb.com/?id.273558

vdb-entrytechnical-description

https://vuldb.com/?ctiid.273558

signaturepermissions-required

https://vuldb.com/?submit.381340

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Aug 5, 2024
Vulnerability Reserved
Aug 4, 2024

Credit

yhryhryhr_tu (VulDB User)

Totolink

Badges

What is CVE-2024-7465?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit