Lucene search

[email protected]NVD:CVE-2023-40041

HistoryAug 08, 2023 - 7:15 p.m.

CVE-2023-40041

2023-08-0819:15:10

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-40041

totolink t10_v2

buffer overflow

mqtt packet

execute code

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.

Affected configurations

Nvd

Node

totolinkt10_v2Match-

AND

totolinkt10_v2_firmwareMatch5.9c.5061_b20200511

VendorProductVersionCPE
totolinkt10_v2-cpe:2.3:h:totolink:t10_v2:-:*:*:*:*:*:*:*
totolinkt10_v2_firmware5.9c.5061_b20200511cpe:2.3:o:totolink:t10_v2_firmware:5.9c.5061_b20200511:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	t10_v2	-	cpe:2.3:h:totolink:t10_v2:-:::::::*
totolink	t10_v2_firmware	5.9c.5061_b20200511	cpe:2.3:o:totolink:t10_v2_firmware:5.9c.5061_b20200511:::::::*

References

github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/lib-cste_modules-wps.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

Related for NVD:CVE-2023-40041

prion1 cnvd1 cvelist1 cve1