Lucene search

MitreCVELIST:CVE-2023-40042

HistoryAug 08, 2023 - 12:00 a.m.

CVE-2023-40042

2023-08-0800:00:00

mitre

www.cve.org

totolink t10_v2

buffer overflow

setstaticdhcpconfig

mqtt packet

crafted data

return address

execute code

AI Score

9.9

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.

References

www.totolink.cn

github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/setStaticDhcpConfig.md

www.totolink.net/home/menu/detail/menu_listtpl/download/id/172/ids/36.html