CVE-2024-7908
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-7908 is a critical vulnerability affecting TOTOLINK EX1200L's 9.3.5u.6146_B20201023 firmware. The function setDefResponse in the /www/cgi-bin/cstecgi.cgi file contains a stack-based buffer overflow, which can be triggered by manipulating the argument IpAddress. This vulnerability can be exploited remotely, allowing attackers to potentially gain unauthorized access to the affected device. The exploit for this vulnerability has been disclosed to the public, increasing the risk of potential attacks. Regrettably, the vendor has not responded to early disclosure notifications.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- TOTOLINK