CVE-2023-7221

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.5%
top 35.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink T6Totolink T6 Firmware
Timeline
PublishedJan 9

Description

A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5totolink/t64.1.9cu.5241_B20210923
NVDtotolink/t6_firmware4.1.9cu.5241_b20210923

🔴Vulnerability Details

2
CVEList
Totolink T6 HTTP POST Request main buffer overflow2024-01-09
GHSA
GHSA-c653-w7m8-34r2: A vulnerability was found in Totolink T6 42024-01-09
CVE-2023-7221 (CRITICAL CVSS 9.8) | A vulnerability was found in Totoli | cvebase.io