CVE-2024-1783 | Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810 Web Interface /cgi-bin/cstecgi.cgi loginAuth http_host stack-based overflow

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow.

This vulnerability is traded as CVE-2024-1783. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-1783 | Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810 Web Interface /cgi-bin/cstecgi.cgi loginAuth http_host stack-based overflow

Related Posts

CVE-2024-3279 | mintplex-labs anything-llm 0.0.1/0.1.0 access control

CVE-2024-28134 | Phoenix Contact CHARX SEC-3150 up to 1.5.1 Session Token cleartext transmission (VDE-2024-019)

CVE-2023-41612 | Victure PC420 1.1.39 Micro SD Card enabled_telnet.dat inadequate encryption

CVE-2024-38182 | Microsoft Dynamics 365 Field Service On-Premises v7 weak authentication