CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0573 – Totolink LR1200GB cstecgi.cgi setDiagnosisCfg stack-based overflow
https://notcve.org/view.php?id=CVE-2024-0573
A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/3/README.md https://vuldb.com/?ctiid.250789 https://vuldb.com/?id.250789 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0572 – Totolink LR1200GB cstecgi.cgi setOpModeCfg stack-based overflow
https://notcve.org/view.php?id=CVE-2024-0572
A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/2/README.md https://vuldb.com/?ctiid.250788 https://vuldb.com/?id.250788 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0571 – Totolink LR1200GB cstecgi.cgi setSmsCfg stack-based overflow
https://notcve.org/view.php?id=CVE-2024-0571
A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/1/README.md https://vuldb.com/?ctiid.250787 https://vuldb.com/?id.250787 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0295 – Totolink LR1200GB cstecgi.cgi setWanCfg os command injection
https://notcve.org/view.php?id=CVE-2024-0295
A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md https://vuldb.com/?ctiid.249861 https://vuldb.com/?id.249861 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0294 – Totolink LR1200GB cstecgi.cgi setUssd os command injection
https://notcve.org/view.php?id=CVE-2024-0294
A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md https://vuldb.com/?ctiid.249860 https://vuldb.com/?id.249860 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •