CVE-2024-7157Classic Buffer Overflow in A3100r

CWE-120Classic Buffer Overflow5 documents4 sources
Severity
8.7HIGHNVD
EPSS
7.6%
top 8.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink A3100rTotolink A3100r Firmware
Timeline
PublishedJul 28
Latest updateJan 29

Description

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272571. NOTE: The vendor was contacted early about this disclosure

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/a3100r4.1.2cu.5050_B20200504
NVDtotolink/a3100r_firmware4.1.2cu.5050_b20200504

🔴Vulnerability Details

4
OSV
php7.0 vulnerabilities2025-01-29
OSV
php7.4 regression2024-12-13
CVEList
TOTOLINK A3100R getSaveConfig buffer overflow2024-07-28
GHSA
GHSA-g7wm-rhw5-7wrp: A vulnerability was found in TOTOLINK A3100R 42024-07-28
CVE-2024-7157 — Classic Buffer Overflow in A3100r | cvebase