Details of VAR-202401-0386

ID

VAR-202401-0386

CVE

CVE-2023-7221

TITLE

TOTOLINK of t6 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-001173

DESCRIPTION

A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of t6 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router made by China's Zeon Electronics (TOTOLINK) company. Remote attackers can exploit this vulnerability. Execute arbitrary code on the system or cause a denial of service attack

Trust: 2.16

sources: NVD: CVE-2023-7221 // JVNDB: JVNDB-2024-001173 // CNVD: CNVD-2024-04917

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-04917

AFFECTED PRODUCTS

vendor:	totolink	model:	t6	scope:	eq	version:	4.1.9cu.5241_b20210923	Trust: 1.0
vendor:	totolink	model:	t6	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	t6	scope:	eq	version:	t6 firmware 4.1.9cu.5241 b20210923	Trust: 0.8
vendor:	totolink	model:	t6	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t6 4.1.9cu.5241 b20210923	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2024-04917 // JVNDB: JVNDB-2024-001173 // NVD: CVE-2023-7221

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2023-7221
value:	CRITICAL
Trust: 1.0
nvd@nist.gov:	CVE-2023-7221
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-7221
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2024-04917
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2023-7221
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2024-04917
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2023-7221
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2023-7221
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-04917 // JVNDB: JVNDB-2024-001173 // NVD: CVE-2023-7221 // NVD: CVE-2023-7221

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-001173 // NVD: CVE-2023-7221

EXTERNAL IDS

db:	NVD	id:	CVE-2023-7221	Trust: 3.2
db:	VULDB	id:	249855	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-001173	Trust: 0.8
db:	CNVD	id:	CNVD-2024-04917	Trust: 0.6

sources: CNVD: CNVD-2024-04917 // JVNDB: JVNDB-2024-001173 // NVD: CVE-2023-7221

REFERENCES

url:	https://github.com/jylsec/vuldb/blob/main/totolink/t6/1/readme.md	Trust: 1.8
url:	https://vuldb.com/?id.249855	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-7221	Trust: 1.4
url:	https://vuldb.com/?ctiid.249855	Trust: 1.0

sources: CNVD: CNVD-2024-04917 // JVNDB: JVNDB-2024-001173 // NVD: CVE-2023-7221

SOURCES

db:	CNVD	id:	CNVD-2024-04917
db:	JVNDB	id:	JVNDB-2024-001173
db:	NVD	id:	CVE-2023-7221

LAST UPDATE DATE

2024-08-14T14:09:37.067000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-04917	date:	2024-01-19T00:00:00
db:	JVNDB	id:	JVNDB-2024-001173	date:	2024-02-01T01:54:00
db:	NVD	id:	CVE-2023-7221	date:	2024-05-17T02:34:19.263

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-04917	date:	2024-01-19T00:00:00
db:	JVNDB	id:	JVNDB-2024-001173	date:	2024-02-01T00:00:00
db:	NVD	id:	CVE-2023-7221	date:	2024-01-09T14:15:46.200