CVE-2024-1002 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi setIpPortFilterRules ePort stack-based overflow

Posted by Angelo Barbosa | Jan 29, 2024 | CVE

A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this vulnerability is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ePort leads to stack-based buffer overflow.

This vulnerability is known as CVE-2024-1002. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-1002 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi setIpPortFilterRules ePort stack-based overflow

Related Posts

CVE-2024-36138 | Node.js up to 18.20.3/20.15.0/22.4.0 on Windows Incomplete Fix CVE-2024-27980 child_process.spawn/child_process.spawnSync command injection

CVE-2024-5421 | SEH Computertechnik utnserver Pro/utnserver ProMAX/INU-100 up to 20.1.22 Web Interface os command injection

CVE-2024-29792 | Unlimited Elements for Elementor Plugin up to 1.5.93 on WordPress cross site scripting

CVE-2023-40264 | Atos Unify OpenScape Voice Trace Manager prior V8 R0.9.11 User Interface path traversal