Search

Find a vulnerability

Search criteria

    48 vulnerabilities found for a3600r_firmware by totolink

    CVE-2026-31027 (GCVE-0-2026-31027)

    Vulnerability from nvd – Published: 2026-04-01 00:00 – Updated: 2026-04-01 18:23
    VLAI
    Summary
    TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31027",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T18:22:17.011067Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T18:23:53.528Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T15:37:35.338Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/rootSsid-setAppEasyWizardConfig.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-31027",
        "datePublished": "2026-04-01T00:00:00.000Z",
        "dateReserved": "2026-03-09T00:00:00.000Z",
        "dateUpdated": "2026-04-01T18:23:53.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5020 (GCVE-0-2026-5020)

    Vulnerability from nvd – Published: 2026-03-29 00:30 – Updated: 2026-04-01 14:20
    VLAI
    Title
    Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection
    Summary
    A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Totolink A3600R Affected: 4.1.2cu.5182_B20201102
        cpe:2.3:o:totolink:a3600r_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5020",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:18:30.735615Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T14:20:46.528Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:totolink:a3600r_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Parameter Handler"
              ],
              "product": "A3600R",
              "vendor": "Totolink",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-29T00:30:15.157Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-353905 | Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/353905"
            },
            {
              "name": "VDB-353905 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/353905/cti"
            },
            {
              "name": "Submit #779536 | TOTOLINK A3600R A3600R V4.1.2cu.5182_B20201102 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/779536"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK_A3600R_setNoticeCfg-32253a41781f80c197eaf8e7558c5ed1?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-27T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-27T15:20:48.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-5020",
        "datePublished": "2026-03-29T00:30:15.157Z",
        "dateReserved": "2026-03-27T14:15:43.882Z",
        "dateUpdated": "2026-04-01T14:20:46.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1686 (GCVE-0-2026-1686)

    Vulnerability from nvd – Published: 2026-01-30 15:02 – Updated: 2026-02-23 09:09
    VLAI
    Title
    Totolink A3600R app.so setAppEasyWizardConfig buffer overflow
    Summary
    A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Totolink A3600R Affected: 5.9c.4959
        cpe:2.3:o:totolink:a3600r_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Abcd1234 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1686",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-30T15:32:50.894933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-30T15:34:05.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:totolink:a3600r_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "A3600R",
              "vendor": "Totolink",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.9c.4959"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Abcd1234 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T09:09:13.406Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-343480 | Totolink A3600R app.so setAppEasyWizardConfig buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.343480"
            },
            {
              "name": "VDB-343480 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.343480"
            },
            {
              "name": "Submit #740888 | TOTOLINK A3600R V5.9c.4959 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.740888"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-30T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-31T10:40:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Totolink A3600R app.so setAppEasyWizardConfig buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-1686",
        "datePublished": "2026-01-30T15:02:08.241Z",
        "dateReserved": "2026-01-30T07:42:17.946Z",
        "dateUpdated": "2026-02-23T09:09:13.406Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7187 (GCVE-0-2024-7187)

    Vulnerability from nvd – Published: 2024-07-29 06:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272608. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272608 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272608 signaturepermissions-required
    https://vuldb.com/?submit.378291 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7187",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T13:13:04.849395Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T14:04:11.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.831Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272608 | TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272608"
              },
              {
                "name": "VDB-272608 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272608"
              },
              {
                "name": "Submit #378291 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378291"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/UploadCustomModule.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272608. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi. Mittels Manipulieren des Arguments File mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T06:31:04.399Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272608 | TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272608"
            },
            {
              "name": "VDB-272608 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272608"
            },
            {
              "name": "Submit #378291 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378291"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/UploadCustomModule.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7187",
        "datePublished": "2024-07-29T06:31:04.399Z",
        "dateReserved": "2024-07-28T05:35:48.426Z",
        "dateUpdated": "2024-08-01T21:52:30.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7186 (GCVE-0-2024-7186)

    Vulnerability from nvd – Published: 2024-07-29 06:00 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272607. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272607 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272607 signaturepermissions-required
    https://vuldb.com/?submit.378055 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r Affected: 4.1.2
        cpe:2.3:h:totolink:a3600r:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:totolink:a3600r:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7186",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:58:05.567642Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T14:00:19.552Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272607 | TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272607"
              },
              {
                "name": "VDB-272607 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272607"
              },
              {
                "name": "Submit #378055 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378055"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWiFiAclAddConfig.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272607. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion setWiFiAclAddConfig der Datei /cgi-bin/cstecgi.cgi. Mittels dem Manipulieren des Arguments comment mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T06:00:09.895Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272607 | TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272607"
            },
            {
              "name": "VDB-272607 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272607"
            },
            {
              "name": "Submit #378055 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378055"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWiFiAclAddConfig.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:42.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7186",
        "datePublished": "2024-07-29T06:00:09.895Z",
        "dateReserved": "2024-07-28T05:35:37.042Z",
        "dateUpdated": "2024-08-01T21:52:30.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7185 (GCVE-0-2024-7185)

    Vulnerability from nvd – Published: 2024-07-29 05:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272606 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272606 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272606 signaturepermissions-required
    https://vuldb.com/?submit.378054 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7185",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T14:33:43.138762Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T16:18:55.945Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272606 | TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272606"
              },
              {
                "name": "VDB-272606 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272606"
              },
              {
                "name": "Submit #378054 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378054"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWebWlanIdx.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272606 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in TOTOLINK A3600R 4.1.2cu.5182_B20201102 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion setWebWlanIdx der Datei /cgi-bin/cstecgi.cgi. Durch Manipulation des Arguments webWlanIdx mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T05:31:03.591Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272606 | TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272606"
            },
            {
              "name": "VDB-272606 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272606"
            },
            {
              "name": "Submit #378054 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378054"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWebWlanIdx.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7185",
        "datePublished": "2024-07-29T05:31:03.591Z",
        "dateReserved": "2024-07-28T05:35:32.926Z",
        "dateUpdated": "2024-08-01T21:52:30.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7184 (GCVE-0-2024-7184)

    Vulnerability from nvd – Published: 2024-07-29 05:00 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow
    Summary
    A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272605 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272605 signaturepermissions-required
    https://vuldb.com/?submit.378053 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7184",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:41:28.157461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T18:33:30.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.703Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272605 | TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272605"
              },
              {
                "name": "VDB-272605 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272605"
              },
              {
                "name": "Submit #378053 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378053"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUrlFilterRules.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion setUrlFilterRules der Datei /cgi-bin/cstecgi.cgi. Durch die Manipulation des Arguments url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T05:00:07.143Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272605 | TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272605"
            },
            {
              "name": "VDB-272605 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272605"
            },
            {
              "name": "Submit #378053 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378053"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUrlFilterRules.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7184",
        "datePublished": "2024-07-29T05:00:07.143Z",
        "dateReserved": "2024-07-28T05:35:29.172Z",
        "dateUpdated": "2024-08-01T21:52:30.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7183 (GCVE-0-2024-7183)

    Vulnerability from nvd – Published: 2024-07-29 04:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272604 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272604 signaturepermissions-required
    https://vuldb.com/?submit.378052 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7183",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:57:11.271280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T14:04:48.555Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.859Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272604 | TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272604"
              },
              {
                "name": "VDB-272604 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272604"
              },
              {
                "name": "Submit #378052 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378052"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUploadSetting.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion setUploadSetting der Datei /cgi-bin/cstecgi.cgi. Mit der Manipulation des Arguments FileName mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T04:31:04.254Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272604 | TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272604"
            },
            {
              "name": "VDB-272604 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272604"
            },
            {
              "name": "Submit #378052 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378052"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUploadSetting.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:30.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7183",
        "datePublished": "2024-07-29T04:31:04.254Z",
        "dateReserved": "2024-07-28T05:35:25.414Z",
        "dateUpdated": "2024-08-01T21:52:30.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7182 (GCVE-0-2024-7182)

    Vulnerability from nvd – Published: 2024-07-29 04:00 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow
    Summary
    A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272603 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272603 signaturepermissions-required
    https://vuldb.com/?submit.378051 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploitpatch
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7182",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:31:51.827854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T16:09:09.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.845Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272603 | TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272603"
              },
              {
                "name": "VDB-272603 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272603"
              },
              {
                "name": "Submit #378051 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378051"
              },
              {
                "tags": [
                  "exploit",
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUpgradeFW.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in TOTOLINK A3600R 4.1.2cu.5182_B20201102 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion setUpgradeFW der Datei /cgi-bin/cstecgi.cgi. Dank Manipulation des Arguments FileName mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T04:00:06.814Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272603 | TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272603"
            },
            {
              "name": "VDB-272603 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272603"
            },
            {
              "name": "Submit #378051 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378051"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUpgradeFW.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:27.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7182",
        "datePublished": "2024-07-29T04:00:06.814Z",
        "dateReserved": "2024-07-28T05:35:21.267Z",
        "dateUpdated": "2024-08-01T21:52:30.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7181 (GCVE-0-2024-7181)

    Vulnerability from nvd – Published: 2024-07-29 03:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection
    Summary
    A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272602 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272602 signaturepermissions-required
    https://vuldb.com/?submit.378050 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7181",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:26:49.861827Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T13:27:22.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272602 | TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272602"
              },
              {
                "name": "VDB-272602 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272602"
              },
              {
                "name": "Submit #378050 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Command Injection",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378050"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setTelnetCfg.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion setTelnetCfg der Datei /cgi-bin/cstecgi.cgi. Dank der Manipulation des Arguments telnet_enabled mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T03:31:04.422Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272602 | TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272602"
            },
            {
              "name": "VDB-272602 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272602"
            },
            {
              "name": "Submit #378050 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378050"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setTelnetCfg.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7181",
        "datePublished": "2024-07-29T03:31:04.422Z",
        "dateReserved": "2024-07-28T05:35:17.289Z",
        "dateUpdated": "2024-08-01T21:52:30.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7180 (GCVE-0-2024-7180)

    Vulnerability from nvd – Published: 2024-07-29 03:00 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow
    Summary
    A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272601 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272601 signaturepermissions-required
    https://vuldb.com/?submit.378049 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7180",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T17:44:05.862291Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T20:56:03.641Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272601 | TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272601"
              },
              {
                "name": "VDB-272601 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272601"
              },
              {
                "name": "Submit #378049 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378049"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setPortForwardRules.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion setPortForwardRules der Datei /cgi-bin/cstecgi.cgi. Durch Beeinflussen des Arguments comment mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T03:00:09.470Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272601 | TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272601"
            },
            {
              "name": "VDB-272601 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272601"
            },
            {
              "name": "Submit #378049 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378049"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setPortForwardRules.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7180",
        "datePublished": "2024-07-29T03:00:09.470Z",
        "dateReserved": "2024-07-28T05:35:13.996Z",
        "dateUpdated": "2024-08-01T21:52:30.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7179 (GCVE-0-2024-7179)

    Vulnerability from nvd – Published: 2024-07-29 02:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument startTime/endTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272600 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272600 signaturepermissions-required
    https://vuldb.com/?submit.378048 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7179",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:48:39.727885Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T13:50:07.105Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272600 | TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272600"
              },
              {
                "name": "VDB-272600 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272600"
              },
              {
                "name": "Submit #378048 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378048"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setParentalRules.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument startTime/endTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in TOTOLINK A3600R 4.1.2cu.5182_B20201102 ausgemacht. Davon betroffen ist die Funktion setParentalRules der Datei /cgi-bin/cstecgi.cgi. Durch das Beeinflussen des Arguments startTime/endTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T02:31:03.995Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272600 | TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272600"
            },
            {
              "name": "VDB-272600 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272600"
            },
            {
              "name": "Submit #378048 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378048"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setParentalRules.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7179",
        "datePublished": "2024-07-29T02:31:03.995Z",
        "dateReserved": "2024-07-28T05:35:09.275Z",
        "dateUpdated": "2024-08-01T21:52:30.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7178 (GCVE-0-2024-7178)

    Vulnerability from nvd – Published: 2024-07-29 02:00 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. Affected by this vulnerability is the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272599. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272599 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272599 signaturepermissions-required
    https://vuldb.com/?submit.378045 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7178",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:39:44.250928Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T17:03:38.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.721Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272599 | TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272599"
              },
              {
                "name": "VDB-272599 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272599"
              },
              {
                "name": "Submit #378045 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378045"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setMacQos.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. Affected by this vulnerability is the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272599. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es die Funktion setMacQos der Datei /cgi-bin/cstecgi.cgi. Durch Manipulieren des Arguments priority/macAddress mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T02:00:08.334Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272599 | TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272599"
            },
            {
              "name": "VDB-272599 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272599"
            },
            {
              "name": "Submit #378045 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378045"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setMacQos.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:12.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7178",
        "datePublished": "2024-07-29T02:00:08.334Z",
        "dateReserved": "2024-07-28T05:35:05.576Z",
        "dateUpdated": "2024-08-01T21:52:30.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7177 (GCVE-0-2024-7177)

    Vulnerability from nvd – Published: 2024-07-29 01:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272598 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272598 signaturepermissions-required
    https://vuldb.com/?submit.378044 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7177",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T14:06:30.002064Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T14:07:34.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.116Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272598 | TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272598"
              },
              {
                "name": "VDB-272598 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272598"
              },
              {
                "name": "Submit #378044 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378044"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setLanguageCfg.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 ausgemacht. Dabei betrifft es die Funktion setLanguageCfg der Datei /cgi-bin/cstecgi.cgi. Durch das Manipulieren des Arguments langType mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T01:31:03.907Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272598 | TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272598"
            },
            {
              "name": "VDB-272598 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272598"
            },
            {
              "name": "Submit #378044 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378044"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setLanguageCfg.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:07.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7177",
        "datePublished": "2024-07-29T01:31:03.907Z",
        "dateReserved": "2024-07-28T05:35:01.446Z",
        "dateUpdated": "2024-08-01T21:52:31.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7176 (GCVE-0-2024-7176)

    Vulnerability from nvd – Published: 2024-07-29 01:01 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setIpQosRules buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This issue affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272597 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272597 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272597 signaturepermissions-required
    https://vuldb.com/?submit.378043 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7176",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:29:07.777033Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T13:29:18.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272597 | TOTOLINK A3600R cstecgi.cgi setIpQosRules buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272597"
              },
              {
                "name": "VDB-272597 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272597"
              },
              {
                "name": "Submit #378043 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378043"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setIpQosRules.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This issue affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272597 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in TOTOLINK A3600R 4.1.2cu.5182_B20201102 gefunden. Dies betrifft die Funktion setIpQosRules der Datei /cgi-bin/cstecgi.cgi. Mittels Manipulieren des Arguments comment mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T01:01:19.532Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272597 | TOTOLINK A3600R cstecgi.cgi setIpQosRules buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272597"
            },
            {
              "name": "VDB-272597 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272597"
            },
            {
              "name": "Submit #378043 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378043"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setIpQosRules.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setIpQosRules buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7176",
        "datePublished": "2024-07-29T01:01:19.532Z",
        "dateReserved": "2024-07-28T05:34:57.559Z",
        "dateUpdated": "2024-08-01T21:52:30.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7175 (GCVE-0-2024-7175)

    Vulnerability from nvd – Published: 2024-07-29 00:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection
    Summary
    A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272596. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272596 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272596 signaturepermissions-required
    https://vuldb.com/?submit.378042 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7175",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T17:47:53.428279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T20:56:35.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272596 | TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272596"
              },
              {
                "name": "VDB-272596 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272596"
              },
              {
                "name": "Submit #378042 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378042"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setDiagnosisCfg.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272596. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion setDiagnosisCfg der Datei /cgi-bin/cstecgi.cgi. Mittels dem Manipulieren des Arguments ipDoamin mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T00:31:04.158Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272596 | TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272596"
            },
            {
              "name": "VDB-272596 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272596"
            },
            {
              "name": "Submit #378042 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378042"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setDiagnosisCfg.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:39:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7175",
        "datePublished": "2024-07-29T00:31:04.158Z",
        "dateReserved": "2024-07-28T05:34:53.160Z",
        "dateUpdated": "2024-08-01T21:52:30.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-31027 (GCVE-0-2026-31027)

    Vulnerability from cvelistv5 – Published: 2026-04-01 00:00 – Updated: 2026-04-01 18:23
    VLAI
    Summary
    TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31027",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T18:22:17.011067Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T18:23:53.528Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T15:37:35.338Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/rootSsid-setAppEasyWizardConfig.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-31027",
        "datePublished": "2026-04-01T00:00:00.000Z",
        "dateReserved": "2026-03-09T00:00:00.000Z",
        "dateUpdated": "2026-04-01T18:23:53.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5020 (GCVE-0-2026-5020)

    Vulnerability from cvelistv5 – Published: 2026-03-29 00:30 – Updated: 2026-04-01 14:20
    VLAI
    Title
    Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection
    Summary
    A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Totolink A3600R Affected: 4.1.2cu.5182_B20201102
        cpe:2.3:o:totolink:a3600r_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5020",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:18:30.735615Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T14:20:46.528Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:totolink:a3600r_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Parameter Handler"
              ],
              "product": "A3600R",
              "vendor": "Totolink",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-29T00:30:15.157Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-353905 | Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/353905"
            },
            {
              "name": "VDB-353905 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/353905/cti"
            },
            {
              "name": "Submit #779536 | TOTOLINK A3600R A3600R V4.1.2cu.5182_B20201102 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/779536"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK_A3600R_setNoticeCfg-32253a41781f80c197eaf8e7558c5ed1?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-27T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-27T15:20:48.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-5020",
        "datePublished": "2026-03-29T00:30:15.157Z",
        "dateReserved": "2026-03-27T14:15:43.882Z",
        "dateUpdated": "2026-04-01T14:20:46.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1686 (GCVE-0-2026-1686)

    Vulnerability from cvelistv5 – Published: 2026-01-30 15:02 – Updated: 2026-02-23 09:09
    VLAI
    Title
    Totolink A3600R app.so setAppEasyWizardConfig buffer overflow
    Summary
    A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Totolink A3600R Affected: 5.9c.4959
        cpe:2.3:o:totolink:a3600r_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Abcd1234 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1686",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-30T15:32:50.894933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-30T15:34:05.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:totolink:a3600r_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "A3600R",
              "vendor": "Totolink",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.9c.4959"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Abcd1234 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T09:09:13.406Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-343480 | Totolink A3600R app.so setAppEasyWizardConfig buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.343480"
            },
            {
              "name": "VDB-343480 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.343480"
            },
            {
              "name": "Submit #740888 | TOTOLINK A3600R V5.9c.4959 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.740888"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-30T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-31T10:40:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Totolink A3600R app.so setAppEasyWizardConfig buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-1686",
        "datePublished": "2026-01-30T15:02:08.241Z",
        "dateReserved": "2026-01-30T07:42:17.946Z",
        "dateUpdated": "2026-02-23T09:09:13.406Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7187 (GCVE-0-2024-7187)

    Vulnerability from cvelistv5 – Published: 2024-07-29 06:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272608. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272608 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272608 signaturepermissions-required
    https://vuldb.com/?submit.378291 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7187",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T13:13:04.849395Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T14:04:11.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.831Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272608 | TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272608"
              },
              {
                "name": "VDB-272608 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272608"
              },
              {
                "name": "Submit #378291 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378291"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/UploadCustomModule.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272608. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi. Mittels Manipulieren des Arguments File mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T06:31:04.399Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272608 | TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272608"
            },
            {
              "name": "VDB-272608 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272608"
            },
            {
              "name": "Submit #378291 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378291"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/UploadCustomModule.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7187",
        "datePublished": "2024-07-29T06:31:04.399Z",
        "dateReserved": "2024-07-28T05:35:48.426Z",
        "dateUpdated": "2024-08-01T21:52:30.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7186 (GCVE-0-2024-7186)

    Vulnerability from cvelistv5 – Published: 2024-07-29 06:00 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272607. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272607 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272607 signaturepermissions-required
    https://vuldb.com/?submit.378055 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r Affected: 4.1.2
        cpe:2.3:h:totolink:a3600r:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:totolink:a3600r:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7186",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:58:05.567642Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T14:00:19.552Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272607 | TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272607"
              },
              {
                "name": "VDB-272607 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272607"
              },
              {
                "name": "Submit #378055 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378055"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWiFiAclAddConfig.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272607. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion setWiFiAclAddConfig der Datei /cgi-bin/cstecgi.cgi. Mittels dem Manipulieren des Arguments comment mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T06:00:09.895Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272607 | TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272607"
            },
            {
              "name": "VDB-272607 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272607"
            },
            {
              "name": "Submit #378055 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378055"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWiFiAclAddConfig.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:42.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7186",
        "datePublished": "2024-07-29T06:00:09.895Z",
        "dateReserved": "2024-07-28T05:35:37.042Z",
        "dateUpdated": "2024-08-01T21:52:30.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7185 (GCVE-0-2024-7185)

    Vulnerability from cvelistv5 – Published: 2024-07-29 05:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272606 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272606 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272606 signaturepermissions-required
    https://vuldb.com/?submit.378054 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7185",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T14:33:43.138762Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T16:18:55.945Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272606 | TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272606"
              },
              {
                "name": "VDB-272606 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272606"
              },
              {
                "name": "Submit #378054 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378054"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWebWlanIdx.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272606 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in TOTOLINK A3600R 4.1.2cu.5182_B20201102 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion setWebWlanIdx der Datei /cgi-bin/cstecgi.cgi. Durch Manipulation des Arguments webWlanIdx mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T05:31:03.591Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272606 | TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272606"
            },
            {
              "name": "VDB-272606 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272606"
            },
            {
              "name": "Submit #378054 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378054"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWebWlanIdx.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7185",
        "datePublished": "2024-07-29T05:31:03.591Z",
        "dateReserved": "2024-07-28T05:35:32.926Z",
        "dateUpdated": "2024-08-01T21:52:30.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7184 (GCVE-0-2024-7184)

    Vulnerability from cvelistv5 – Published: 2024-07-29 05:00 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow
    Summary
    A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272605 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272605 signaturepermissions-required
    https://vuldb.com/?submit.378053 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7184",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:41:28.157461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T18:33:30.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.703Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272605 | TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272605"
              },
              {
                "name": "VDB-272605 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272605"
              },
              {
                "name": "Submit #378053 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378053"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUrlFilterRules.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion setUrlFilterRules der Datei /cgi-bin/cstecgi.cgi. Durch die Manipulation des Arguments url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T05:00:07.143Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272605 | TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272605"
            },
            {
              "name": "VDB-272605 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272605"
            },
            {
              "name": "Submit #378053 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378053"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUrlFilterRules.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7184",
        "datePublished": "2024-07-29T05:00:07.143Z",
        "dateReserved": "2024-07-28T05:35:29.172Z",
        "dateUpdated": "2024-08-01T21:52:30.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7183 (GCVE-0-2024-7183)

    Vulnerability from cvelistv5 – Published: 2024-07-29 04:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272604 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272604 signaturepermissions-required
    https://vuldb.com/?submit.378052 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7183",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:57:11.271280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T14:04:48.555Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.859Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272604 | TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272604"
              },
              {
                "name": "VDB-272604 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272604"
              },
              {
                "name": "Submit #378052 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378052"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUploadSetting.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion setUploadSetting der Datei /cgi-bin/cstecgi.cgi. Mit der Manipulation des Arguments FileName mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T04:31:04.254Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272604 | TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272604"
            },
            {
              "name": "VDB-272604 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272604"
            },
            {
              "name": "Submit #378052 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378052"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUploadSetting.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:30.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7183",
        "datePublished": "2024-07-29T04:31:04.254Z",
        "dateReserved": "2024-07-28T05:35:25.414Z",
        "dateUpdated": "2024-08-01T21:52:30.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7182 (GCVE-0-2024-7182)

    Vulnerability from cvelistv5 – Published: 2024-07-29 04:00 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow
    Summary
    A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272603 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272603 signaturepermissions-required
    https://vuldb.com/?submit.378051 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploitpatch
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7182",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:31:51.827854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T16:09:09.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.845Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272603 | TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272603"
              },
              {
                "name": "VDB-272603 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272603"
              },
              {
                "name": "Submit #378051 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378051"
              },
              {
                "tags": [
                  "exploit",
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUpgradeFW.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in TOTOLINK A3600R 4.1.2cu.5182_B20201102 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion setUpgradeFW der Datei /cgi-bin/cstecgi.cgi. Dank Manipulation des Arguments FileName mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T04:00:06.814Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272603 | TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272603"
            },
            {
              "name": "VDB-272603 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272603"
            },
            {
              "name": "Submit #378051 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378051"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUpgradeFW.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:27.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7182",
        "datePublished": "2024-07-29T04:00:06.814Z",
        "dateReserved": "2024-07-28T05:35:21.267Z",
        "dateUpdated": "2024-08-01T21:52:30.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7181 (GCVE-0-2024-7181)

    Vulnerability from cvelistv5 – Published: 2024-07-29 03:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection
    Summary
    A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272602 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272602 signaturepermissions-required
    https://vuldb.com/?submit.378050 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7181",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:26:49.861827Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T13:27:22.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272602 | TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272602"
              },
              {
                "name": "VDB-272602 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272602"
              },
              {
                "name": "Submit #378050 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Command Injection",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378050"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setTelnetCfg.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion setTelnetCfg der Datei /cgi-bin/cstecgi.cgi. Dank der Manipulation des Arguments telnet_enabled mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T03:31:04.422Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272602 | TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272602"
            },
            {
              "name": "VDB-272602 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272602"
            },
            {
              "name": "Submit #378050 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378050"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setTelnetCfg.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7181",
        "datePublished": "2024-07-29T03:31:04.422Z",
        "dateReserved": "2024-07-28T05:35:17.289Z",
        "dateUpdated": "2024-08-01T21:52:30.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7180 (GCVE-0-2024-7180)

    Vulnerability from cvelistv5 – Published: 2024-07-29 03:00 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow
    Summary
    A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272601 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272601 signaturepermissions-required
    https://vuldb.com/?submit.378049 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7180",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T17:44:05.862291Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T20:56:03.641Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272601 | TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272601"
              },
              {
                "name": "VDB-272601 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272601"
              },
              {
                "name": "Submit #378049 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378049"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setPortForwardRules.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion setPortForwardRules der Datei /cgi-bin/cstecgi.cgi. Durch Beeinflussen des Arguments comment mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T03:00:09.470Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272601 | TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272601"
            },
            {
              "name": "VDB-272601 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272601"
            },
            {
              "name": "Submit #378049 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378049"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setPortForwardRules.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7180",
        "datePublished": "2024-07-29T03:00:09.470Z",
        "dateReserved": "2024-07-28T05:35:13.996Z",
        "dateUpdated": "2024-08-01T21:52:30.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7179 (GCVE-0-2024-7179)

    Vulnerability from cvelistv5 – Published: 2024-07-29 02:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument startTime/endTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272600 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272600 signaturepermissions-required
    https://vuldb.com/?submit.378048 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7179",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:48:39.727885Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T13:50:07.105Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272600 | TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272600"
              },
              {
                "name": "VDB-272600 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272600"
              },
              {
                "name": "Submit #378048 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378048"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setParentalRules.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument startTime/endTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in TOTOLINK A3600R 4.1.2cu.5182_B20201102 ausgemacht. Davon betroffen ist die Funktion setParentalRules der Datei /cgi-bin/cstecgi.cgi. Durch das Beeinflussen des Arguments startTime/endTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T02:31:03.995Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272600 | TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272600"
            },
            {
              "name": "VDB-272600 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272600"
            },
            {
              "name": "Submit #378048 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378048"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setParentalRules.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7179",
        "datePublished": "2024-07-29T02:31:03.995Z",
        "dateReserved": "2024-07-28T05:35:09.275Z",
        "dateUpdated": "2024-08-01T21:52:30.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7178 (GCVE-0-2024-7178)

    Vulnerability from cvelistv5 – Published: 2024-07-29 02:00 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. Affected by this vulnerability is the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272599. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272599 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272599 signaturepermissions-required
    https://vuldb.com/?submit.378045 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7178",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T13:39:44.250928Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T17:03:38.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:30.721Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272599 | TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272599"
              },
              {
                "name": "VDB-272599 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272599"
              },
              {
                "name": "Submit #378045 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378045"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setMacQos.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. Affected by this vulnerability is the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272599. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es die Funktion setMacQos der Datei /cgi-bin/cstecgi.cgi. Durch Manipulieren des Arguments priority/macAddress mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T02:00:08.334Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272599 | TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272599"
            },
            {
              "name": "VDB-272599 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272599"
            },
            {
              "name": "Submit #378045 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378045"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setMacQos.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:12.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7178",
        "datePublished": "2024-07-29T02:00:08.334Z",
        "dateReserved": "2024-07-28T05:35:05.576Z",
        "dateUpdated": "2024-08-01T21:52:30.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7177 (GCVE-0-2024-7177)

    Vulnerability from cvelistv5 – Published: 2024-07-29 01:31 – Updated: 2024-08-01 21:52
    VLAI
    Title
    TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow
    Summary
    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.272598 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.272598 signaturepermissions-required
    https://vuldb.com/?submit.378044 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK A3600R Affected: 4.1.2cu.5182_B20201102
    Create a notification for this product.
    totolink a3600r_firmware Affected: 4.1.2cu.5182_b20201102
        cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a3600r_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.2cu.5182_b20201102"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7177",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-29T14:06:30.002064Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-29T14:07:34.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.116Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-272598 | TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.272598"
              },
              {
                "name": "VDB-272598 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.272598"
              },
              {
                "name": "Submit #378044 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.378044"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setLanguageCfg.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "A3600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.2cu.5182_B20201102"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 ausgemacht. Dabei betrifft es die Funktion setLanguageCfg der Datei /cgi-bin/cstecgi.cgi. Durch das Manipulieren des Arguments langType mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T01:31:03.907Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-272598 | TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.272598"
            },
            {
              "name": "VDB-272598 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.272598"
            },
            {
              "name": "Submit #378044 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.378044"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setLanguageCfg.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-28T07:40:07.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7177",
        "datePublished": "2024-07-29T01:31:03.907Z",
        "dateReserved": "2024-07-28T05:35:01.446Z",
        "dateUpdated": "2024-08-01T21:52:31.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }