ID

VAR-202407-2336


CVE

CVE-2024-7180


DESCRIPTION

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Trust: 1.0

sources: NVD: CVE-2024-7180

AFFECTED PRODUCTS

vendor: totolink
model: a3600r
scope: eq
version: 4.1.2cu.5182_b20201102

Trust: 1.0

sources: NVD: CVE-2024-7180

CVSS

SEVERITY

cna@vuldb.com: CVE-2024-7180
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-7180
value: HIGH

Trust: 1.0

CVSSV2

cna@vuldb.com: CVE-2024-7180
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CVSSV3

cna@vuldb.com: CVE-2024-7180
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: NVD: CVE-2024-7180 // NVD: CVE-2024-7180

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

sources: NVD: CVE-2024-7180

EXTERNAL IDS

db: VULDB
id: 272601

Trust: 1.0

db: NVD
id: CVE-2024-7180

Trust: 1.0

sources: NVD: CVE-2024-7180

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/a3600r/setportforwardrules.md

Trust: 1.0

url:https://vuldb.com/?ctiid.272601

Trust: 1.0

url:https://vuldb.com/?id.272601

Trust: 1.0

url:https://vuldb.com/?submit.378049

Trust: 1.0

sources: NVD: CVE-2024-7180

SOURCES

db: NVD
id: CVE-2024-7180

LAST UPDATE DATE

2024-08-23T22:57:51.906000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2024-7180
date: 2024-08-23T14:34:53.593

SOURCES RELEASE DATE

db: NVD
id: CVE-2024-7180
date: 2024-07-29T03:15:03