| عنوان | TOTOLINK LR1200GB V9.3.5u.6698_B20230810 Buffer Overflow |
|---|
| الوصف | A vulnerability in TOTOLINK LR1200GB allows remote unauthenticated attackers to become authenticated and potentially can get a Remote Code Execution due to a stack overflow vulnerability in the web interface.The loginAuth function within the cstecgi.cgi implementation handles the authentication process, parsing parameters such as username, password, verify, flag, and topicurl from the incoming request but there are some hidden parameters like http_host which can be given from the client has a stack based buffer overflow which might lead to authentication bypass and potential RCE. |
|---|
| المصدر | ⚠️ https://gist.github.com/manishkumarr1017/30bca574e2f0a6d6336115ba71111984 |
|---|
| المستخدم | manish1017 (UID 63661) |
|---|
| ارسال | 14/02/2024 04:16 AM (2 سنوات منذ) |
|---|
| الاعتدال | 22/02/2024 08:00 PM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 254574 [Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810 Web Interface /cgi-bin/cstecgi.cgi loginAuth http_host تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|