CVE-2023-40042

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 8, 2023

Updated: Aug 11, 2023

CWE ID 787

Summary

CVE-2023-40042 is a stack-based buffer overflow vulnerability affecting the TOTOLINK T10_v2 5.9c.5061_B20200511 firmware. The issue lies in the setStaticDhcpConfig function within the /lib/cste_modules/lan.so module. An attacker can exploit this vulnerability by sending specially crafted MQTT packets with malicious data in the comment parameter. By controlling the return address in the stack, the attacker can execute arbitrary code on the affected device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

TOTOLINK

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sRHo0R
https://www.cve.org/CVERecord?id=CVE-2023-40042
https://nvd.nist.gov/vuln/detail/CVE-2023-40042

Back to Vulnerability Database

CVE-2023-40042

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations