CVE-2024-7465

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 5, 2024

Updated: Aug 15, 2024

CWE ID 120

Summary

CVE-2024-7465 is a critical vulnerability affecting the TOTOLINK CP450 4.1.0cu.747_B20191224 firmware. The issue lies in the loginauth function of the /cgi-bin/cstecgi.cgi file, which can be exploited through a buffer overflow caused by manipulating the http_host argument. This vulnerability can be exploited remotely, meaning an attacker does not need physical access to the affected device. The exploit for this vulnerability has been disclosed to the public, increasing the risk for potential attacks. VDB-273555 is the identifier for this vulnerability, and unfortunately, the vendor has not responded to disclosure attempts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database