CVE-2024-7179

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 29, 2024
CWE ID 120

Summary

CVE-2024-7180 is a critical vulnerability affecting the TOTOLINK A3600R firmware version 4.1.2cu.5182_B20201102. The issue lies in the setPortForwardRules function of the file /cgi-bin/cstecgi.cgi, where manipulating the comment argument triggers a buffer overflow. The vulnerability can be exploited remotely, and an exploit has been made public. It was assigned the identifier VDB-272601. The vendor was contacted about this disclosure but did not respond.
