Lucene search

MitreCVE-2023-40042

HistoryAug 08, 2023 - 7:15 p.m.

CVE-2023-40042

2023-08-0819:15:10

CWE-787

mitre

web.nvd.nist.gov

cve-2023-40042

totolink

buffer overflow

setstaticdhcpconfig

mqtt

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.

Affected configurations

Nvd

Node

totolinkt10_v2_firmwareMatch5.9c.5061_b20200511

AND

totolinkt10_v2Match-

VendorProductVersionCPE
totolinkt10_v2_firmware5.9c.5061_b20200511cpe:2.3:o:totolink:t10_v2_firmware:5.9c.5061_b20200511:*:*:*:*:*:*:*
totolinkt10_v2-cpe:2.3:h:totolink:t10_v2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	t10_v2_firmware	5.9c.5061_b20200511	cpe:2.3:o:totolink:t10_v2_firmware:5.9c.5061_b20200511:::::::*
totolink	t10_v2	-	cpe:2.3:h:totolink:t10_v2:-:::::::*

References

www.totolink.cn

github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/setStaticDhcpConfig.md

www.totolink.net/home/menu/detail/menu_listtpl/download/id/172/ids/36.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

Related for CVE-2023-40042