CVE-2023-7187

🗓️ 31 Dec 2023 14:00:04Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 50 Views🌐 WEB

Vulnerability in Totolink N350RT 9.3.5u.6139_B20201216, affecting HTTP POST Request Handler, leads to stack-based buffer overflow. CVE-2023-718

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8, which is part of the microprogramming software for TOTOLINK N350RT routers, allows a hacker to execute arbitrary code.	15 Jan 202400:00	–	bdu_fstec
Circl	CVE-2023-7187	31 Dec 202315:26	–	circl
CNNVD	Totolink N350RT Security Vulnerability	31 Dec 202300:00	–	cnnvd
Cvelist	CVE-2023-7187 Totolink N350RT HTTP POST Request stack-based overflow	31 Dec 202314:00	–	cvelist
EUVD	EUVD-2023-59368	3 Oct 202520:07	–	euvd
NVD	CVE-2023-7187	31 Dec 202314:15	–	nvd
OSV	CVE-2023-7187	31 Dec 202314:15	–	osv
Prion	Stack overflow	31 Dec 202314:15	–	prion
Positive Technologies	PT-2023-8246 · Totolink · Totolink N350Rt	31 Dec 202300:00	–	ptsecurity

NVD

Node

totolink n350rt_firmwareMatch9.3.5u.6139_b20201216

AND

totolink n350rtMatch-

[
  {
    "vendor": "Totolink",
    "product": "N350RT",
    "versions": [
      {
        "version": "9.3.5u.6139_B20201216",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP POST Request Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/1/README.md
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
action	request body	cgi-bin/cstecgi.cgi?action=login&flag=ie8	Stack-based buffer overflow in HTTP POST request to the cgi-bin/cstecgi.cgi endpoint (action=login&flag=ie8) on Totolink N350RT, leading to potential code execution.	CWE-121
flag	request body	cgi-bin/cstecgi.cgi?action=login&flag=ie8	Stack-based buffer overflow in HTTP POST request to the cgi-bin/cstecgi.cgi endpoint (action=login&flag=ie8) on Totolink N350RT, leading to potential code execution.	CWE-121