CVE-2023-7221— Totolink T6 安全漏洞

Totolink T6 HTTP POST Request main buffer overflow

A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

Totolink T6 安全漏洞

TOTOLINK T6是中国吉翁电子（TOTOLINK）公司的一款无线双频路由器。 Totolink T6 4.1.9cu.5241_B20210923版本存在安全漏洞，该漏洞源于文件/cgi-bin/cstecgi.cgi的组件HTTP POST Request Handler存在缓冲区溢出漏洞。

N/A

N/A