CVE-2024-7462

HIGH EPSS 68.0%

Published Aug 5, 20241y ago · Modified Jun 17, 20261w ago

8.7 CVSS 4.0

High

Published Aug 5, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

8.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

68.0% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-120

Affected Products 2

Vendor	Product	Version	Range
totolink	n350rt_firmware	9.3.5u.6139_b20201216	any
totolink	n350rt	*	any

References 4

github.com https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/N350R/setWizardCfg.md

Exploit
vuldb.com https://vuldb.com/?ctiid.273555

Permissions RequiredThird Party AdvisoryVDB Entry
vuldb.com https://vuldb.com/?id.273555

Permissions RequiredThird Party AdvisoryVDB Entry
vuldb.com https://vuldb.com/?submit.381325

Third Party AdvisoryVDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.