← back
CVE-2023-7220

Totolink NR1800X cstecgi.cgi loginAuth stack-based overflow

CVSS 9.8 CRITICALEPSS 1.5%CWE-121
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.8EPSS 1.5%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
09 Jan 2024Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Totolink · NR1800X
public PoCs found1
cve_referencegithub.com/jylsec/vuldb/blob/main/TOTOLINK/NR1800X/1/README.mdunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/NR1800X/1/README.mdhttps://vuldb.com/?ctiid.249854https://vuldb.com/?id.249854