CVE-2024-7463: TOTOLINK CP900 cstecgi.cgi UploadCustomModule buffer overflow
First published: Mon Aug 05 2024(Updated: )
A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Totolink CP900 Firmware | =6.3c.566 | |
| Totolink CP900 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-7463?
CVE-2024-7463 is classified as a critical vulnerability.
How do I fix CVE-2024-7463?
To fix CVE-2024-7463, update your TOTOLINK CP900 to the latest firmware version provided by TOTOLINK.
What type of vulnerability is CVE-2024-7463?
CVE-2024-7463 is a buffer overflow vulnerability.
Can CVE-2024-7463 be exploited remotely?
Yes, CVE-2024-7463 can be exploited remotely.
What function is affected by CVE-2024-7463?
The vulnerability affects the UploadCustomModule function in the /cgi-bin/cstecgi.cgi file.
- agent/title
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/totolink
- canonical/totolink cp900 firmware
- version/totolink cp900 firmware/6.3c.566