PT-2024-26478 · Totolink · Totolink Cp900L
Published: 2024-05-28 · Updated: 2024-08-01
CVE-2024-35399
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TOTOLINK CP900L version 4.1.5cu.798 B20221228
Description
A stack overflow issue was discovered in the loginAuth function via the password parameter.
Recommendations
For TOTOLINK CP900L version 4.1.5cu.798 B20221228, avoid using the password parameter in the loginAuth function until a fix is available. As a temporary workaround, consider restricting access to the loginAuth function to minimize the risk of exploitation.
Fix
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Totolink Cp900L