CVE-2024-7187
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Jul 29, 2024
CWE ID 120
Summary
CVE-2024-7187 is a critical vulnerability affecting TOTOLINK A3600R 4.1.2cu.5182_B20201102. The flaw is in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file. An attacker can manipulate the File argument to cause a buffer overflow, potentially leading to code execution. The attack can be initiated remotely, which increases the risk. The vendor was notified but did not respond. The vulnerability identifier is VDB-272608. The exploit has been publicly disclosed, which adds urgency for users to implement appropriate security measures.
Affected Vendors
- TOTOLINK