CVE-2024-7180

HIGH

TOTOLINK A3600R 4.1.2cu.5182_B20201102 - Buffer Overflow in setPortForwardRules via Comment Argument

Title source: llm
STIX 2.1

Description

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4
Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.272601
Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.272601
Third Party Advisory third-party-advisory
https://vuldb.com/?submit.378049

Scores

CVSS v3 8.8
EPSS 0.0109
EPSS Percentile 61.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-120
Status published
Products (1)
totolink/a3600r_firmware 4.1.2cu.5182_b20201102
Published Jul 29, 2024
Tracked Since Feb 18, 2026