Sign-up

ID

VAR-202407-2402


CVE

CVE-2024-7157


TITLE

TOTOLINK  of  A3100R  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-005109

DESCRIPTION

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of A3100R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-7157 // JVNDB: JVNDB-2024-005109

AFFECTED PRODUCTS

vendor:totolinkmodel:a3100rscope:eqversion:4.1.2cu.5050_b20200504

Trust: 1.0

vendor:totolinkmodel:a3100rscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:a3100rscope: - version: -

Trust: 0.8

vendor:totolinkmodel:a3100rscope:eqversion:a3100r firmware 4.1.2cu.5050 b20200504

Trust: 0.8

sources: JVNDB: JVNDB-2024-005109 // NVD: CVE-2024-7157

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-7157
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-7157
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-005109
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2024-7157
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-005109
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2024-7157
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2024-005109
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-005109 // NVD: CVE-2024-7157 // NVD: CVE-2024-7157

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005109 // NVD: CVE-2024-7157

EXTERNAL IDS

db:NVDid:CVE-2024-7157

Trust: 2.6

db:VULDBid:272571

Trust: 1.8

db:JVNDBid:JVNDB-2024-005109

Trust: 0.8

sources: JVNDB: JVNDB-2024-005109 // NVD: CVE-2024-7157

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/a3100r/getsaveconfig.md

Trust: 1.8

url:https://vuldb.com/?id.272571

Trust: 1.8

url:https://vuldb.com/?submit.377542

Trust: 1.8

url:https://vuldb.com/?ctiid.272571

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-7157

Trust: 0.8

sources: JVNDB: JVNDB-2024-005109 // NVD: CVE-2024-7157

SOURCES

db:JVNDBid:JVNDB-2024-005109
db:NVDid:CVE-2024-7157

LAST UPDATE DATE

2024-08-15T12:29:00.606000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-005109date:2024-08-13T01:38:00
db:NVDid:CVE-2024-7157date:2024-08-08T12:17:46.953

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-005109date:2024-08-13T00:00:00
db:NVDid:CVE-2024-7157date:2024-07-28T11:15:12.107