CVE-2024-1000 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi setTracerouteCfg command stack-based overflow

Posted by Angelo Barbosa | Jan 29, 2024 | CVE

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow.

The identification of this vulnerability is CVE-2024-1000. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-1000 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi setTracerouteCfg command stack-based overflow

Related Posts

CVE-2024-34073 | Amazon sagemaker-python-sdk up to 2.214.2 os command injection (GHSA-7pc3-pr3q-58vg)

CVE-2022-32756 | IBM Security Verify Directory 10.0.0 information exposure (XFDB-228507)

CVE-2024-33955 | Theme Freesia Freesia Empire Plugin up to 1.4.1 on WordPress cross site scripting

CVE-2024-27130 | QNAP QTS/QuTS hero buffer overflow (qsa-24-23)