CVE-2024-0575Stack-based Buffer Overflow in Lr1200gb

CWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
9.8CRITICALNVD
CNA8.8
EPSS
0.4%
top 39.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Lr1200gbTotolink Lr1200gb Firmware
Timeline
PublishedJan 16

Description

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but di

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5totolink/lr1200gb9.1.0u.6619_B20230130
NVDtotolink/lr1200gb_firmware9.1.0u.6619_b20230130

🔴Vulnerability Details

2
CVEList
Totolink LR1200GB cstecgi.cgi setTracerouteCfg stack-based overflow2024-01-16
GHSA
GHSA-rvr5-9pgv-pj7m: A vulnerability was found in Totolink LR1200GB 92024-01-16
CVE-2024-0575 — Stack-based Buffer Overflow in Lr1200gb | cvebase