CVE-2023-7213 : A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published 2024-01-07 19:15:08

Updated 2024-05-17 02:34:19

Source VulDB

View at NVD, CVE.org

Vulnerability category: OverflowMemory Corruption

Products affected by CVE-2023-7213

Totolink » N350rt Firmware » Version: 9.3.5u.6139 B20201216
cpe:2.3:o:totolink:n350rt_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » N350rt » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-7213

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 48 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-7213

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	VulDB	2024-01-07
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	2.8	3.4	VulDB	2024-01-07
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2024-01-11
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-7213

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Assigned by: cna@vuldb.com (Secondary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-7213

https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/2/README.md

vuldb/TOTOLINK/N350RT/2/README.md at main · jylsec/vuldb · GitHub
Exploit;Third Party Advisory
https://vuldb.com/?id.249769

CVE-2023-7213: Totolink N350RT HTTP POST Request main stack-based overflow
Permissions Required;Third Party Advisory;VDB Entry
https://vuldb.com/?ctiid.249769

CVE-2023-7213: Totolink N350RT HTTP POST Request main stack-based overflow
Permissions Required;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2023-7213

Products affected by CVE-2023-7213

Exploit prediction scoring system (EPSS) score for CVE-2023-7213

CVSS scores for CVE-2023-7213

CWE ids for CVE-2023-7213

References for CVE-2023-7213