CVE-2024-7157 | TOTOLINK A3100R 4.1.2cu.5050_B20200504 cstecgi.cgi getSaveConfig http_host buffer overflow

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow.

This vulnerability is uniquely identified as CVE-2024-7157. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7157 | TOTOLINK A3100R 4.1.2cu.5050_B20200504 cstecgi.cgi getSaveConfig http_host buffer overflow

Post correlati

CVE-2023-6523 | ExtremePacs Extreme XDS up to 3914 authorization

CVE-2024-35878 | Linux Kernel up to 6.6.25/6.8.4 vsnprintf len null pointer dereference (e4a449368a2c/544561dc56f7/a1aa5390cc91)

CVE-2024-36393 | SysAid up to 23.3.38 sql injection

CVE-2023-36260 | Craft CMS 4.6.1 Feed-Me Name/Feed-Me URL denial of service