CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-7220 – Totolink NR1800X cstecgi.cgi loginAuth stack-based overflow
https://notcve.org/view.php?id=CVE-2023-7220
A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/NR1800X/1/README.md https://vuldb.com/?ctiid.249854 https://vuldb.com/?id.249854 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-36340
https://notcve.org/view.php?id=CVE-2023-36340
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Se descubrió que TOTOLINK NR1800X V9.1.0u.6279_B20210910 contenía un desbordamiento de pila a través del parámetro http_host en la función loginAuth. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/TOTOLINK-NR1800X.md • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44256
https://notcve.org/view.php?id=CVE-2022-44256
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. TOTOLINK LR350 V9.3.5u.6369_B20220309 contiene un desbordamiento del búfer posterior a la autenticación a través del parámetro lang en la función setLanguageCfg. • https://brief-nymphea-813.notion.site/LR350-bof-setLanguageCfg-ddd638b9bb2d4c72b8dba5125c293141 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41528
https://notcve.org/view.php?id=CVE-2022-41528
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. Se ha detectado que TOTOLINK NR1800X versión V9.1.0u.6279_B20210910, contiene un desbordamiento de pila autenticado por medio del parámetro text en la función setSmsCfg • https://brief-nymphea-813.notion.site/NR1800X-bof-setSmsCfg-0f2be43baa9842d79ae6bafbded574f8 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41527
https://notcve.org/view.php?id=CVE-2022-41527
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. Se ha detectado que TOTOLINK NR1800X versión V9.1.0u.6279_B20210910, contiene un desbordamiento de pila autenticado por medio del parámetro pppoeUser en la función setOpModeCfg • https://brief-nymphea-813.notion.site/NR1800X-bof-setOpModeCfg-2e286823203c405bbdec4305b0924a02 • CWE-787: Out-of-bounds Write •