CVE-2024-0576
Totolink LR1200GB cstecgi.cgi setIpPortFilterRules stack-based overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been declared as critical. This vulnerability affects the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sPort leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Se encontró una vulnerabilidad en Totolink LR1200GB 9.1.0u.6619_B20230130. Ha sido declarada crítica. Esta vulnerabilidad afecta a la función setIpPortFilterRules del archivo /cgi-bin/cstecgi.cgi. La manipulación del argumento sPort provoca un desbordamiento de búfer en la región stack de la memoria . El ataque se puede iniciar de forma remota. La explotación ha sido divulgada al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250792. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
In Totolink LR1200GB 9.1.0u.6619_B20230130 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion setIpPortFilterRules der Datei /cgi-bin/cstecgi.cgi. Durch die Manipulation des Arguments sPort mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-16 CVE Reserved
- 2024-01-16 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- 2024-12-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-121: Stack-based Buffer Overflow
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.250792 | Technical Description |
URL | Date | SRC |
---|---|---|
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/6/README.md | 2024-08-01 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Totolink Search vendor "Totolink" | Lr1200gb Firmware Search vendor "Totolink" for product "Lr1200gb Firmware" | 9.1.0u.6619_b20230130 Search vendor "Totolink" for product "Lr1200gb Firmware" and version "9.1.0u.6619_b20230130" | - |
Affected
| in | Totolink Search vendor "Totolink" | Lr1200gb Search vendor "Totolink" for product "Lr1200gb" | - | - |
Safe
|