| Título | Totolink N200RE_V5 V9.3.5u.6255_B20211224 Insufficient Session Expiration |
|---|
| Descripción | [NAME OF AFFECTED PRODUCT(S)] : Totolink N200RE_V5
[AFFECTED VERSION(S)] : V9.3.5u.6255_B20211224
[PROBLEM TYPE] : Insufficient Session Expiration
[CWE] : CWE-613: Insufficient Session Expiration
[Affected source code file] : cstecgi.cgi(web : /cgi-bin/cstecgi.cgi)
[DESCRIPTION]:
The login token does not expire after logging out.
Totolink indicates the vulnerability has been fully patched in version V9.3.5u.6255_B20211224 and the latest patched version can be downloaded at https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/204/ids/36.html
Demo Video : https://youtu.be/b0tU2CiLbnU |
|---|
| Fuente | ⚠️ https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing |
|---|
| Usuario | lin7lic (UID 39301) |
|---|
| Sumisión | 2024-01-18 07:00 (hace 2 años) |
|---|
| Moderación | 2024-01-26 13:37 (8 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 252186 [Totolink N200RE V5 9.3.5u.6255_B20211224 /cgi-bin/cstecgi.cgi autenticación débil] |
|---|
| Puntos | 20 |
|---|