CVE-2024-7176
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-7176 is a critical vulnerability affecting the TOTOLINK A3600R 4.1.2cu.5180_B20201102 firmware. The issue lies in the setIpQosRules function of the /cgi-bin/cstecgi.cgi file, which can be exploited through manipulation of the argument "comment." This manipulation results in a buffer overflow, creating an opportunity for remote attackers to execute arbitrary code. The exploit for this vulnerability has already been disclosed to the public, increasing the risk for potential exploitation. The Vulnerability Database has assigned the identifier VDB-272597 to this issue. Regrettably, the vendor was notified but failed to respond to the disclosure.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- TOTOLINK