VAR-202312-0729
Vulnerability from variot - Updated: 2024-05-17 23:04A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. TOTOLINK of A7100RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router made by China Zeon Electronics (TOTOLINK) Company. The vulnerability is caused by the failure of the parameter flag in the file /cgi-bin/cstecgi.cgi?action=login to correctly verify the length of the input data. A remote attacker can exploit this vulnerability. The vulnerability could execute arbitrary code on the system or lead to a denial of service attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-0729",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a7100ru",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "7.4cu.2313_b20191024"
},
{
"model": "a7100ru",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "a7100ru firmware 7.4cu.2313 b20191024"
},
{
"model": "a7100ru",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "a7100ru",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "a7100ru v7.4cu.2313 b20191024",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-101089"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023725"
},
{
"db": "NVD",
"id": "CVE-2023-7095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-7095"
}
]
},
"cve": "CVE-2023-7095",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-101089",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-7095",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-7095",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "cna@vuldb.com",
"id": "CVE-2023-7095",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-101089",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-101089"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023725"
},
{
"db": "NVD",
"id": "CVE-2023-7095"
},
{
"db": "NVD",
"id": "CVE-2023-7095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. TOTOLINK of A7100RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router made by China Zeon Electronics (TOTOLINK) Company. The vulnerability is caused by the failure of the parameter flag in the file /cgi-bin/cstecgi.cgi?action=login to correctly verify the length of the input data. A remote attacker can exploit this vulnerability. The vulnerability could execute arbitrary code on the system or lead to a denial of service attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-7095"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023725"
},
{
"db": "CNVD",
"id": "CNVD-2023-101089"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-7095",
"trust": 3.2
},
{
"db": "VULDB",
"id": "248942",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023725",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-101089",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-101089"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023725"
},
{
"db": "NVD",
"id": "CVE-2023-7095"
}
]
},
"id": "VAR-202312-0729",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-101089"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-101089"
}
]
},
"last_update_date": "2024-05-17T23:04:52.233000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023725"
},
{
"db": "NVD",
"id": "CVE-2023-7095"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/unpwn4bl3/iot-security/blob/main/2.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.248942"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-7095"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.248942"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-101089"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023725"
},
{
"db": "NVD",
"id": "CVE-2023-7095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-101089"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023725"
},
{
"db": "NVD",
"id": "CVE-2023-7095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-101089"
},
{
"date": "2024-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-023725"
},
{
"date": "2023-12-25T01:15:08.203000",
"db": "NVD",
"id": "CVE-2023-7095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-101089"
},
{
"date": "2024-01-29T06:27:00",
"db": "JVNDB",
"id": "JVNDB-2023-023725"
},
{
"date": "2024-05-17T02:34:09.120000",
"db": "NVD",
"id": "CVE-2023-7095"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0A7100RU\u00a0 Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023725"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…