CVE-2024-1783
Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.8EPSS 2.0%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
23 Feb 2024Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Totolink · LR1200GBpublic PoCs found — 1
cve_referencegist.github.com/manishkumarr1017/30bca574e2f0a6d6336115ba71111984unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →