cnvd - cnvd-2025-12713

CNVD-2025-12713

Vulnerability from cnvd - Published: 2025-06-17

Title

TOTOLINK CP900 cstecgi.cgi文件UploadCustomModule函数缓冲区溢出漏洞

Description

TOTOLINK CP900是一款无线路由器。 TOTOLINK CP900存在缓冲区溢出漏洞，该漏洞源于文件/cgi-bin/cstecgi.cgi的UploadCustomModule函数对File参数的处理不当。攻击者可利用该漏洞导致设备的崩溃、任意代码执行、设备控制权获取，甚至进一步用于攻击其他网络或设备。

Severity

高

Formal description

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： https://www.totolink.net/

Reference

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP900/UploadCustomModule.md https://vuldb.com/?submit.381333 https://vuldb.com/?ctiid.273556

Impacted products

Name
TOTOLINK CP900 6.3c.566

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-7463",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-7463"
    }
  },
  "description": "TOTOLINK CP900\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nTOTOLINK CP900\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6/cgi-bin/cstecgi.cgi\u7684UploadCustomModule\u51fd\u6570\u5bf9File\u53c2\u6570\u7684\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u7684\u5d29\u6e83\u3001\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3001\u8bbe\u5907\u63a7\u5236\u6743\u83b7\u53d6\uff0c\u751a\u81f3\u8fdb\u4e00\u6b65\u7528\u4e8e\u653b\u51fb\u5176\u4ed6\u7f51\u7edc\u6216\u8bbe\u5907\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.totolink.net/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-12713",
  "openTime": "2025-06-17",
  "products": {
    "product": "TOTOLINK CP900 6.3c.566"
  },
  "referenceLink": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP900/UploadCustomModule.md\r\nhttps://vuldb.com/?submit.381333\r\nhttps://vuldb.com/?ctiid.273556",
  "serverity": "\u9ad8",
  "submitTime": "2024-08-05",
  "title": "TOTOLINK CP900 cstecgi.cgi\u6587\u4ef6UploadCustomModule\u51fd\u6570\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2024-7463 (GCVE-0-2024-7463)

Vulnerability from cvelistv5 – Published: 2024-08-05 00:31 – Updated: 2024-08-05 13:55

Title

TOTOLINK CP900 cstecgi.cgi UploadCustomModule buffer overflow

Summary

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Overflow

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.273556	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.273556	signaturepermissions-required
	https://vuldb.com/?submit.381333	third-party-advisory
	https://github.com/abcdefg-png/IoT-vulnerable/blo…	exploit

Impacted products

	Vendor	Product	Version
	TOTOLINK	CP900	Affected: 6.3c.566

Credits

yhryhryhr_tu (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:totolink:cp900_firmware:6.3c.566:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cp900_firmware",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "6.3c.566"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7463",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T13:54:15.892067Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:55:20.896Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CP900",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "6.3c.566"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yhryhryhr_tu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In TOTOLINK CP900 6.3c.566 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi. Durch Manipulieren des Arguments File mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-05T00:31:04.075Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-273556 | TOTOLINK CP900 cstecgi.cgi UploadCustomModule buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.273556"
        },
        {
          "name": "VDB-273556 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.273556"
        },
        {
          "name": "Submit #381333 | TOTOLINK CP900  V6.3c.566 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.381333"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP900/UploadCustomModule.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-04T10:21:02.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK CP900 cstecgi.cgi UploadCustomModule buffer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7463",
    "datePublished": "2024-08-05T00:31:04.075Z",
    "dateReserved": "2024-08-04T08:15:43.528Z",
    "dateUpdated": "2024-08-05T13:55:20.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-12713

CVE-2024-7463 (GCVE-0-2024-7463)

Tags

Sightings

Nomenclature