CVE-2024-7462

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
8.7HIGH
EPSS
0.3%
top 47.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink N350rtTotolink N350rt Firmware
Timeline
PublishedAug 5

Description

A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/n350rt9.3.5u.6139_B20201216
NVDtotolink/n350rt_firmware9.3.5u.6139_b20201216

🔴Vulnerability Details

2
CVEList
TOTOLINK N350RT cstecgi.cgi setWizardCfg buffer overflow2024-08-05
GHSA
GHSA-qpv4-m9c2-rf7q: A vulnerability classified as critical has been found in TOTOLINK N350RT 92024-08-05
CVE-2024-7462 (HIGH CVSS 8.7) | A vulnerability classified as criti | cvebase.io