CVE-2022-38827 TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi

It occurs when insufficient input validation of user-supplied data is used. An attacker can inject malicious data into the cstecgi.cgi script which will make the software send more data to the server than it should. This can result in a crash or a Denial of Service condition. The following versions are vulnerable: TOTOLINK T6 V4.1.5cu.709_B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 If you have one of the above versions, it is recommended to upgrade to the latest version as soon as possible. Otherwise, you should manually check the source code for the cstecgi.cgi script to see if there are any vulnerabilities.

TOTOLINK T6 V5.0.1cu.690

It is important that you upgrade to the following version if you are using this software: TOTOLINK T6 V5.0.1cu.690
This vulnerability was made public on June 18, 2019, and it is still being exploited by attackers.

Timeline

Published on: 09/16/2022 15:15:00 UTC
Last modified on: 09/17/2022 02:22:00 UTC

References

• https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/setWiFiWpsStart_2.md
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38827