CVE-2024-7186 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 /cgi-bin/cstecgi.cgi setWiFiAclAddConfig comment buffer overflow

Inserito da Angelo Barbosa | Lug 28, 2024 | CVE

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow.

This vulnerability is uniquely identified as CVE-2024-7186. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7186 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 /cgi-bin/cstecgi.cgi setWiFiAclAddConfig comment buffer overflow

Post correlati

CVE-2024-2277 | Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save cross-site request forgery

CVE-2024-3469 | GP Premium Plugin up to 2.4.0 on WordPress cross site scripting

CVE-2024-39486 | Linux Kernel up to 6.6.36/6.9.7 drm_file drm_file_update_pid use after free (16682588ead4/0acce2a5c619/4f2a129b33a2)

CVE-2023-37890 | WPOmnia KB Support Plugin up to 1.5.88 on WordPress authorization