CVE-2024-7186 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 /cgi-bin/cstecgi.cgi setWiFiAclAddConfig comment buffer overflow

Inserito da Angelo Barbosa | Lug 28, 2024 | CVE

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow.

This vulnerability is uniquely identified as CVE-2024-7186. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7186 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 /cgi-bin/cstecgi.cgi setWiFiAclAddConfig comment buffer overflow

Post correlati

CVE-2021-47319 | Linux Kernel up to 5.13.3 virtio-blk memory leak

CVE-2023-49356 | MP3Gain 1.6.2 apetag.c WriteMP3GainAPETag stack-based overflow

CVE-2024-35388 | Totolink NR1800X 9.1.0u.6681_B20230703 urldecode password stack-based overflow

CVE-2023-33038 | Qualcomm 8 Gen 1 Mobile Platform Bus Socket Transport Server memory corruption