CVE-2024-7154 | TOTOLINK A3700R 9.1.2u.5822_B20200513 Password Reset /wizard.html access control

Inserito da Angelo Barbosa | Lug 27, 2024 | CVE

A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls.

This vulnerability is traded as CVE-2024-7154. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7154 | TOTOLINK A3700R 9.1.2u.5822_B20200513 Password Reset /wizard.html access control

Post correlati

CVE-2021-47623 | Linux Kernel up to 5.10.100/5.15.23/5.16.9 fixmap __set_fixmap information disclosure

CVE-2024-30925 | jeffpiazza DerbyNet 9.0 photo-thumbs.php racerid/back cross site scripting

CVE-2024-30635 | Tenda F1202 1.2.0.20(408) /goform/setcfm formSetCfm funcpara1 stack-based overflow

CVE-2024-28575 | FreeImage 3.19.0 r1909 J2K Image opj_j2k_read_mct buffer overflow