CVE-2024-7463

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
8.7HIGH
EPSS
15.1%
top 5.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Cp900Totolink Cp900 Firmware
Timeline
PublishedAug 5

Description

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/cp9006.3c.566

🔴Vulnerability Details

2
GHSA
GHSA-gvxp-jjpg-qxx5: A vulnerability classified as critical was found in TOTOLINK CP900 62024-08-05
CVEList
TOTOLINK CP900 cstecgi.cgi UploadCustomModule buffer overflow2024-08-05
CVE-2024-7463 (HIGH CVSS 8.7) | A vulnerability classified as criti | cvebase.io