CVE-2024-7172

Summary

CVE-2024-7172 is a newly disclosed critical vulnerability that affects the TOTOLINK A3600R 4.1.2cu.5180_B20201102 firmware. The issue lies in the getSaveConfig function of the /cgi-bin/cstecgi.cgi?action=save&setting file, where manipulation of the argument http_host can lead to a buffer overflow. This vulnerability can be exploited remotely, allowing an attacker to execute arbitrary code. The exploit for this vulnerability has been made public, increasing the risk for potential attacks. The identifier VDB-272593 has been assigned to this vulnerability, and the vendor was notified but did not respond to the disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.