CVE-2024-0576 | Totolink LR1200GB 9.1.0u.6619_B20230130 /cgi-bin/cstecgi.cgi setIpPortFilterRules sPort stack-based overflow

Inserito da Angelo Barbosa | Gen 16, 2024 | CVE

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been declared as critical. This vulnerability affects the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sPort leads to stack-based buffer overflow.

This vulnerability was named CVE-2024-0576. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0576 | Totolink LR1200GB 9.1.0u.6619_B20230130 /cgi-bin/cstecgi.cgi setIpPortFilterRules sPort stack-based overflow

Post correlati

CVE-2024-20720 | Adobe Commerce os command injection (apsb24-03)

CVE-2024-21849 | F5 BIG-IP Advanced WAF/BIG-IP ASM up to 16.1.3 Traffic Management Microkernel return of pointer value outside of expected range (K000135873)

CVE-2024-4797 | Campcodes Online Laundry Management System 1.0 /ajax.php name/customer_name/username cross site scripting

CVE-2023-42920 | Claris FileMaker Pro up to 20.1 on macOS Privilege Escalation