The vulnerability in the cstecgi.cgi (/cgi-bin/cstecgi.cgi?action=login&flag=ie8) script of the TOTOLink T6 mesh-system’s software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the cstecgi.cgi /cgi-bin/cstecgi.cgi?action=login&flag=ie8 implementation of the TOTOLink T6 mesh-system’s software is related to the escape of the operation beyond the buffer in memory when processing the parameter v41. Exploiting this vulnerability can allow an attacker to...

CVE-2023-7221

A vulnerability was found in Totolink T6 4.1.9cu.5241B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possibl...

PT-2023-8245 · Totolink · Totolink T6

Name of the Vulnerable Software and Affected Versions: Totolink T6 version 4.1.9cu.5241 B20210923 Description: A critical issue has been found in the Totolink T6 mesh system, related to a buffer overflow when handling the v41 parameter in the /cgi-bin/cstecgi.cgi?action=login API endpoint. This c...