CVE-2023-40042: Buffer Overflow
First published: Tue Aug 08 2023(Updated: )
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink T10 V2 Firmware | =5.9c.5061_b20200511 | |
| Totolink T10 V2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-40042?
The severity of CVE-2023-40042 is critical with a CVSS score of 9.8.
What is CVE-2023-40042?
CVE-2023-40042 is a stack-based buffer overflow vulnerability in TOTOLINK T10_v2 firmware version 5.9c.5061_B20200511.
How does CVE-2023-40042 work?
Attackers can exploit CVE-2023-40042 by sending crafted data in an MQTT packet through the comment parameter.
What is the impact of CVE-2023-40042?
CVE-2023-40042 allows attackers to control the return address and execute code on the affected device.
How can I fix CVE-2023-40042?
To fix CVE-2023-40042, update the TOTOLINK T10_v2 firmware to a version that does not have the stack-based buffer overflow vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/weakness
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/totolink
- canonical/totolink t10 v2 firmware
- version/totolink t10 v2 firmware/5.9c.5061_b20200511
- canonical/totolink t10 v2