ID

VAR-202407-2398


CVE

CVE-2024-7184


DESCRIPTION

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Trust: 1.0

sources: NVD: CVE-2024-7184

AFFECTED PRODUCTS

vendor: totolink
model: a3600r
scope: eq
version: 4.1.2cu.5182_b20201102

Trust: 1.0

sources: NVD: CVE-2024-7184

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-7184
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-7184
value: HIGH

Trust: 1.0

cna@vuldb.com: CVE-2024-7184
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

cna@vuldb.com: CVE-2024-7184
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: NVD: CVE-2024-7184 // NVD: CVE-2024-7184

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

sources: NVD: CVE-2024-7184

EXTERNAL IDS

db: VULDB
id: 272605

Trust: 1.0

db: NVD
id: CVE-2024-7184

Trust: 1.0

sources: NVD: CVE-2024-7184

REFERENCES

url: https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/a3600r/seturlfilterrules.md

Trust: 1.0

url: https://vuldb.com/?ctiid.272605

Trust: 1.0

url: https://vuldb.com/?id.272605

Trust: 1.0

url: https://vuldb.com/?submit.378053

Trust: 1.0

sources: NVD: CVE-2024-7184

SOURCES

db: NVD
id: CVE-2024-7184

LAST UPDATE DATE

2024-08-23T23:02:38.412000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2024-7184
date: 2024-08-23T14:32:00.667

SOURCES RELEASE DATE

db: NVD
id: CVE-2024-7184
date: 2024-07-29T05:15:02.203