CVE-2024-7217 | TOTOLINK CA300-PoE 6.2c.884 /cgi-bin/cstecgi.cgi loginauth password buffer overflow

Inserito da Angelo Barbosa | Lug 29, 2024 | CVE

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow.

This vulnerability was named CVE-2024-7217. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7217 | TOTOLINK CA300-PoE 6.2c.884 /cgi-bin/cstecgi.cgi loginauth password buffer overflow

Post correlati

CVE-2024-8368 | code-projects Hospital Management System 1.0 Login index.php username sql injection

CVE-2024-46688 | Linux Kernel up to 6.10.7 erofs z_erofs_gbuf_growsize memory leak (49c0e0819980/0005e01e1e87)

CVE-2024-38580 | Linux Kernel up to 5.15.160/6.1.92/6.6.32/6.8.11 epoll vfs_poll denial of service

CVE-2023-51835 | TRENDnet TEW-822DRE 1.03B02 /boafrm/formSystemCheck ipv4_ping Local Privilege Escalation