CVE-2024-0573 | Totolink LR1200GB 9.1.0u.6619_B20230130 /cgi-bin/cstecgi.cgi setDiagnosisCfg ip stack-based overflow

Posted by Angelo Barbosa | Jan 16, 2024 | CVE

A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow.

This vulnerability is known as CVE-2024-0573. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0573 | Totolink LR1200GB 9.1.0u.6619_B20230130 /cgi-bin/cstecgi.cgi setDiagnosisCfg ip stack-based overflow

Related Posts

CVE-2021-38938 | IBM Host Access Transformation Services up to 9.6.1.4/9.7.0.3 insufficiently protected credentials (XFDB-210989)

CVE-2024-32469 | Decidim up to 0.27.5/0.28.0 GET Parameter per_page cross site scripting (GHSA-7cx8-44pc-xv3q)

CVE-2023-25648 | ZTE ZXCLOUD iRAI permission assignment

CVE-2023-51034 | Totolink EX1200L 9.3.5u.6146_B20201023 cstecgi.cgi UploadFirmwareFile Privilege Escalation