Details of VAR-202312-0729

ID

VAR-202312-0729

CVE

CVE-2023-7095

TITLE

TOTOLINK of A7100RU Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-023725

DESCRIPTION

A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. TOTOLINK of A7100RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router made by China Zeon Electronics (TOTOLINK) Company. The vulnerability is caused by the failure of the parameter flag in the file /cgi-bin/cstecgi.cgi?action=login to correctly verify the length of the input data. A remote attacker can exploit this vulnerability. The vulnerability could execute arbitrary code on the system or lead to a denial of service attack

Trust: 2.16

sources: NVD: CVE-2023-7095 // JVNDB: JVNDB-2023-023725 // CNVD: CNVD-2023-101089

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-101089

AFFECTED PRODUCTS

vendor:	totolink	model:	a7100ru	scope:	eq	version:	7.4cu.2313_b20191024	Trust: 1.0
vendor:	totolink	model:	a7100ru	scope:	eq	version:	a7100ru firmware 7.4cu.2313 b20191024	Trust: 0.8
vendor:	totolink	model:	a7100ru	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a7100ru	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a7100ru v7.4cu.2313 b20191024	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-101089 // JVNDB: JVNDB-2023-023725 // NVD: CVE-2023-7095

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2023-7095
value:	CRITICAL
Trust: 1.0
nvd@nist.gov:	CVE-2023-7095
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-7095
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2023-101089
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2023-7095
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2023-101089
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2023-7095
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2023-7095
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-101089 // JVNDB: JVNDB-2023-023725 // NVD: CVE-2023-7095 // NVD: CVE-2023-7095

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-023725 // NVD: CVE-2023-7095

EXTERNAL IDS

db:	NVD	id:	CVE-2023-7095	Trust: 3.2
db:	VULDB	id:	248942	Trust: 1.8
db:	JVNDB	id:	JVNDB-2023-023725	Trust: 0.8
db:	CNVD	id:	CNVD-2023-101089	Trust: 0.6

sources: CNVD: CNVD-2023-101089 // JVNDB: JVNDB-2023-023725 // NVD: CVE-2023-7095

REFERENCES

url:	https://github.com/unpwn4bl3/iot-security/blob/main/2.md	Trust: 1.8
url:	https://vuldb.com/?id.248942	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-7095	Trust: 1.4
url:	https://vuldb.com/?ctiid.248942	Trust: 1.0

sources: CNVD: CNVD-2023-101089 // JVNDB: JVNDB-2023-023725 // NVD: CVE-2023-7095

SOURCES

db:	CNVD	id:	CNVD-2023-101089
db:	JVNDB	id:	JVNDB-2023-023725
db:	NVD	id:	CVE-2023-7095

LAST UPDATE DATE

2024-08-14T14:01:30.058000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-101089	date:	2023-12-28T00:00:00
db:	JVNDB	id:	JVNDB-2023-023725	date:	2024-01-29T06:27:00
db:	NVD	id:	CVE-2023-7095	date:	2024-05-17T02:34:09.120

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-101089	date:	2023-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2023-023725	date:	2024-01-29T00:00:00
db:	NVD	id:	CVE-2023-7095	date:	2023-12-25T01:15:08.203