CVE-2023-40041: Buffer Overflow
First published: Tue Aug 08 2023(Updated: )
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink T10 V2 Firmware | =5.9c.5061_b20200511 | |
| Totolink T10 V2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-40041?
The severity of CVE-2023-40041 is critical with a score of 9.8.
How does CVE-2023-40041 affect Totolink T10 V2 firmware version 5.9c.5061_b20200511?
CVE-2023-40041 allows attackers to execute code by exploiting a stack-based buffer overflow in the setWiFiWpsConfig function in /lib/cste_modules/wps.so.
How can an attacker exploit CVE-2023-40041?
An attacker can send crafted data in an MQTT packet, specifically via the pin parameter, to control the return address and execute code.
Is Totolink T10 V2 firmware version 5.9c.5061_b20200511 vulnerable to CVE-2023-40041?
Yes, Totolink T10 V2 firmware version 5.9c.5061_b20200511 is vulnerable to CVE-2023-40041.
Are there any fixes or patches available for CVE-2023-40041?
There is no information provided about available fixes or patches for CVE-2023-40041. It is recommended to contact the vendor for updates and advisories.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/totolink
- canonical/totolink t10 v2 firmware
- version/totolink t10 v2 firmware/5.9c.5061_b20200511
- canonical/totolink t10 v2