CVE-2024-7187

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 29, 2024
CWE ID 120

Summary

CVE-2024-7187 is a critical vulnerability affecting TOTOLINK A3600R 4.1.2cu.5182_B20201102. The flaw is in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file. An attacker can manipulate the File argument to cause a buffer overflow, potentially leading to code execution. The attack can be initiated remotely, which increases the risk. The vendor was notified but did not respond. The vulnerability is tracked as VDB-272608. The exploit has been publicly disclosed, which adds urgency for users to implement appropriate security measures.
