CVE-2024-7213Classic Buffer Overflow in A7000r

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
8.7HIGHNVD
EPSS
0.7%
top 27.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink A7000rTotolink A7000r Firmware
Timeline
PublishedJul 30

Description

A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504. Affected is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272784. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/a7000r9.1.0u.6268_B20220504
NVDtotolink/a7000r_firmware9.1.0u.6268_b20220504

🔴Vulnerability Details

2
CVEList
TOTOLINK A7000R cstecgi.cgi setWizardCfg buffer overflow2024-07-30
GHSA
GHSA-m3gj-m97q-954q: A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 92024-07-30
CVE-2024-7213 — Classic Buffer Overflow in A7000r | cvebase