VDB-287272 · CVE-2024-12352 · GCVE-100-287272

TOTOLINK EX1800T 9.1.0cu.2112_B20220316 /cgi-bin/cstecgi.cgi sub_40662C ssid मेमरी भ्रष्टाचार

एक दुर्बलता जी गंभीर म्हणून ओळखली गेली आहे, ती TOTOLINK EX1800T 9.1.0cu.2112_B20220316 मध्ये सापडली आहे. संबंधित आहे फंक्शन sub_40662C फाइल /cgi-bin/cstecgi.cgi च्या. सॉफ्टवेअरमध्ये ssid या आर्ग्युमेंटचे केलेले बदल मेमरी भ्रष्टाचार यास कारणीभूत ठरतात. CWE द्वारे समस्या जाहीर केल्यास CWE-121 येथे पोहोचता येते. ही दुर्बलता प्रकाशित झाली होती 08/12/2024. github.com या ठिकाणी सल्ला डाउनलोडसाठी उपलब्ध आहे. ही दुर्बलता CVE-2024-12352 म्हणून ओळखली जाते. हा हल्ला रिमोटली सुरू करता येऊ शकतो. तांत्रिक माहिती उपलब्ध आहे. यासाठी एक एक्स्प्लॉइट उपलब्ध आहे. शोषणाची माहिती सार्वजनिक करण्यात आली आहे आणि ते वापरले जाऊ शकते. आत्ताच्या क्षणी सुमारे USD $0-$5k असण्याची शक्यता आहे. याला प्रूफ-ऑफ-कॉन्सेप्ट असे घोषित करण्यात आले आहे. शोषण डाउनलोडसाठी github.com येथे शेअर केले आहे. 0-डे म्हणून त्याची अंदाजित काळ्या बाजारातील किंमत $0-$5k एवढी होती. Once again VulDB remains the best source for vulnerability data.

8 बदल · 126 डेटा पॉइंट्स

शेत	अद्ययावत 3/7 09/12/2024 07:27 AM	अद्ययावत 4/7 10/12/2024 09:13 AM	अद्ययावत 5/7 11/12/2024 06:49 AM	अद्ययावत 6/7 23/12/2024 03:04 PM	अद्ययावत 7/7 23/12/2024 03:07 PM
software_vendor	TOTOLINK	TOTOLINK	TOTOLINK	TOTOLINK	TOTOLINK
software_name	EX1800T	EX1800T	EX1800T	EX1800T	EX1800T
software_version	9.1.0cu.2112_B20220316	9.1.0cu.2112_B20220316	9.1.0cu.2112_B20220316	9.1.0cu.2112_B20220316	9.1.0cu.2112_B20220316
software_file	/cgi-bin/cstecgi.cgi	/cgi-bin/cstecgi.cgi	/cgi-bin/cstecgi.cgi	/cgi-bin/cstecgi.cgi	/cgi-bin/cstecgi.cgi
software_function	sub_40662C	sub_40662C	sub_40662C	sub_40662C	sub_40662C
software_argument	ssid	ssid	ssid	ssid	ssid
vulnerability_cwe	CWE-121 (मेमरी भ्रष्टाचार)	CWE-121 (मेमरी भ्रष्टाचार)	CWE-121 (मेमरी भ्रष्टाचार)	CWE-121 (मेमरी भ्रष्टाचार)	CWE-121 (मेमरी भ्रष्टाचार)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	L	L	L	L	L
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	N	N	N	N	N
cvss3_vuldb_i	N	N	N	N	N
cvss3_vuldb_a	L	L	L	L	L
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rc	R	R	R	R	R
advisory_url	https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md	https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md	https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md	https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md	https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md	https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md	https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md	https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md	https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md
source_cve	CVE-2024-12352	CVE-2024-12352	CVE-2024-12352	CVE-2024-12352	CVE-2024-12352
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_ci	N	N	N	N	N
cvss2_vuldb_ii	N	N	N	N	N
cvss2_vuldb_ai	P	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N	N
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_pr	L	L	L	L	L
cvss4_vuldb_ui	N	N	N	N	N
cvss4_vuldb_vc	N	N	N	N	N
cvss4_vuldb_vi	N	N	N	N	N
cvss4_vuldb_va	L	L	L	L	L
cvss4_vuldb_e	P	P	P	P	P
cvss2_vuldb_au	S	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X	X
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	4.0	4.0	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.4	3.4	3.4	3.4	3.4
cvss3_vuldb_basescore	4.3	4.3	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9	3.9	3.9
cvss3_meta_basescore	6.2	6.2	7.1	7.1	7.1
cvss3_meta_tempscore	5.9	5.9	6.9	6.9	6.8
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1	2.1
advisory_date	1733612400 (08/12/2024)	1733612400 (08/12/2024)	1733612400 (08/12/2024)	1733612400 (08/12/2024)	1733612400 (08/12/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary	A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av	N	N	N	N	N
cvss4_cna_ac	L	L	L	L	L
cvss4_cna_at	N	N	N	N	N
cvss4_cna_pr	L	L	L	L	L
cvss4_cna_ui	N	N	N	N	N
cvss4_cna_vc	N	N	N	N	N
cvss4_cna_vi	N	N	N	N	N
cvss4_cna_va	L	L	L	L	L
cvss4_cna_sc	N	N	N	N	N
cvss4_cna_si	N	N	N	N	N
cvss4_cna_sa	N	N	N	N	N
cvss4_cna_bscore	5.3	5.3	5.3	5.3	5.3
cvss3_cna_av	N	N	N	N	N
cvss3_cna_ac	L	L	L	L	L
cvss3_cna_pr	L	L	L	L	L
cvss3_cna_ui	N	N	N	N	N
cvss3_cna_s	U	U	U	U	U
cvss3_cna_c	N	N	N	N	N
cvss3_cna_i	N	N	N	N	N
cvss3_cna_a	L	L	L	L	L
cvss3_cna_basescore	4.3	4.3	4.3	4.3	4.3
cvss2_cna_av	N	N	N	N	N
cvss2_cna_ac	L	L	L	L	L
cvss2_cna_au	S	S	S	S	S
cvss2_cna_ci	N	N	N	N	N
cvss2_cna_ii	N	N	N	N	N
cvss2_cna_ai	P	P	P	P	P
cvss2_cna_basescore	4	4	4	4	4
cvss3_researcher_av	N	N	N	N	N
cvss3_researcher_rl	W	W	W	W	W
cvss3_researcher_ac	L	L	L	L	L
cvss3_researcher_ui	N	N	N	N	N
cvss2_researcher_e	F	F	F	F	F
cvss3_researcher_rc	C	C	C	C	C
cvss2_researcher_av	N	N	N	N	N
cvss2_researcher_au	N	N	N	N	N
cvss3_researcher_pr	N	N	N	N	N
cvss2_researcher_ac	L	L	L	L	L
cvss3_researcher_a	H	H	H	H	H
cvss2_researcher_rl	W	W	W	W	W
cvss3_researcher_c	H	H	H	H	H
cvss2_researcher_rc	C	C	C	C	C
cvss2_researcher_ii	C	C	C	C	C
cvss3_researcher_s	C	C	C	C	C
cvss2_researcher_ci	C	C	C	C	C
cvss2_researcher_ai	C	C	C	C	C
cvss3_researcher_i	H	H	H	H	H
cvss3_researcher_e	F	F	F	P	P
cvss2_researcher_basescore	10.0	10.0	10.0	10.0	10.0
cvss3_researcher_basescore	10.0	10.0	10.0	10.0	10.0
exploit_language		PHP	PHP	PHP	PHP
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad clasificada como problemática en TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Esta vulnerabilidad afecta a la función sub_40662C del archivo /cgi-bin/cstecgi.cgi. La manipulación del argumento ssid provoca un desbordamiento de búfer en la región stack de la memoria . El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.	Se ha encontrado una vulnerabilidad clasificada como problemática en TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Esta vulnerabilidad afecta a la función sub_40662C del archivo /cgi-bin/cstecgi.cgi. La manipulación del argumento ssid provoca un desbordamiento de búfer en la región stack de la memoria . El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.	Se ha encontrado una vulnerabilidad clasificada como problemática en TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Esta vulnerabilidad afecta a la función sub_40662C del archivo /cgi-bin/cstecgi.cgi. La manipulación del argumento ssid provoca un desbordamiento de búfer en la región stack de la memoria . El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
cvss3_nvd_av			N	N	N
cvss3_nvd_ac			L	L	L
cvss3_nvd_pr			N	N	N
cvss3_nvd_ui			N	N	N
cvss3_nvd_s			U	U	U
cvss3_nvd_c			H	H	H
cvss3_nvd_i			H	H	H
cvss3_nvd_a			H	H	H
cvss3_nvd_basescore			9.8	9.8	9.8
vulnerability_historic				0	0

◂ मागील बाजूस सिंहावलोकन पुढील ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!