CVE-2023-7222 – Totolink X2000R HTTP POST Request boa formTmultiAP buffer overflow
https://notcve.org/view.php?id=CVE-2023-7222
A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/formTmultiAP/README.md https://vuldb.com/?ctiid.249856 https://vuldb.com/?id.249856 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2023-7221 – Totolink T6 HTTP POST Request main buffer overflow
https://notcve.org/view.php?id=CVE-2023-7221
A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/T6/1/README.md https://vuldb.com/?ctiid.249855 https://vuldb.com/?id.249855 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-7220 – Totolink NR1800X cstecgi.cgi loginAuth stack-based overflow
https://notcve.org/view.php?id=CVE-2023-7220
A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/NR1800X/1/README.md https://vuldb.com/?ctiid.249854 https://vuldb.com/?id.249854 • CWE-121: Stack-based Buffer Overflow •
CVE-2023-7219 – Totolink N350RT cstecgi.cgi loginAuth stack-based overflow
https://notcve.org/view.php?id=CVE-2023-7219
A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/5/README.md https://vuldb.com/?ctiid.249853 https://vuldb.com/?id.249853 • CWE-121: Stack-based Buffer Overflow •
CVE-2023-7218 – Totolink N350RT cstecgi.cgi loginAuth stack-based overflow
https://notcve.org/view.php?id=CVE-2023-7218
A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md https://vuldb.com/?ctiid.249852 https://vuldb.com/?id.249852 • CWE-121: Stack-based Buffer Overflow •