| عنوان | TOTOLINK N600R firmware V4.3.0cu.7866_B20220506 Buffer Overflow |
|---|
| الوصف | A buffer overflow vulnerability has been identified in the TOTOLINK N600R router firmware that allows remote attackers to potentially execute arbitrary code or cause denial of service through malformed HTTP requests. The vulnerable code is within the setWiFiBasicConfig function in cstecgi.cgi. It extracts the `wepkey` parameter into `v13` and passes it into the `strcpy` function. When `wepkey` is specified with excessive data, a buffer overflow occurs. |
|---|
| المصدر | ⚠️ https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md |
|---|
| المستخدم | z472421519 (UID 91218) |
|---|
| ارسال | 01/10/2025 10:23 PM (9 أشهر منذ) |
|---|
| الاعتدال | 07/10/2025 03:19 PM (6 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 327381 [TOTOLINK N600R حتى 4.3.0cu.7866_B20220506 HTTP Request /cgi-bin/cstecgi.cgi setWiFiBasicConfig wepkey تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|