CVE-2023-7221

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 9, 2024
Updated: May 17, 2024
CWE ID 120

Summary

CVE-2023-7221 is a recently disclosed critical vulnerability that impacts the Totolink T6 4.1.9cu.5241_B20210923's HTTP POST Request Handler. The issue lies in the function main of the file /cgi-bin/cstecgi.cgi?action=login and stems from a buffer overflow caused by manipulating the argument v41. This vulnerability can be exploited remotely, and the associated identifier is VDB-249855. Despite early disclosure to the vendor, they have not responded or taken any remedial action. The exploit for this vulnerability is now publicly available and poses a significant risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share