CVE-2023-7221
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-7221 is a recently disclosed critical vulnerability that impacts the Totolink T6 4.1.9cu.5241_B20210923's HTTP POST Request Handler. The issue lies in the function main of the file /cgi-bin/cstecgi.cgi?action=login and stems from a buffer overflow caused by manipulating the argument v41. This vulnerability can be exploited remotely, and the associated identifier is VDB-249855. Despite early disclosure to the vendor, they have not responded or taken any remedial action. The exploit for this vulnerability is now publicly available and poses a significant risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- TOTOLINK