Description
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
EPSS Score: 0%
Comprehensive Technical Analysis of EUVD-2024-17508
1. Vulnerability Assessment and Severity Evaluation
The vulnerability EUVD-2024-17508, classified as critical, affects the Totolink LR1200GB router models running firmware versions 9.1.0u.6619_B20230130 and 9.3.5u.6698_B20230810. The issue resides in the loginAuth function of the /cgi-bin/cstecgi.cgi file within the web interface component. The manipulation of the http_host argument results in a stack-based buffer overflow, which can be exploited remotely.
Severity Evaluation:
- CVSS Base Score: 9.8
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The high base score indicates a critical vulnerability due to the following factors:
- Attack Vector (AV:N): The vulnerability can be exploited over the network.
- Attack Complexity (AC:L): The attack is low in complexity; no special conditions need to be met.
- Privileges Required (PR:N): No privileges are required to exploit the vulnerability.
- User Interaction (UI:N): No user interaction is required.
- Scope (S:U): Scope is unchanged; the impact stays within the vulnerable component.
- Confidentiality (C:H), Integrity (I:H), Availability (A:H): High impact on all three security properties.
2. Potential Attack Vectors and Exploitation Methods
Attack Vectors:
- Remote Exploitation: An attacker can exploit this vulnerability over the network without needing physical access to the device.
- Buffer Overflow: By manipulating the http_host argument, an attacker can cause a stack-based buffer overflow, leading to arbitrary code execution.
Exploitation Methods:
- Crafted HTTP Requests: An attacker can send specially crafted HTTP requests to the vulnerable web interface, causing a buffer overflow in the loginAuth function.
- Payload Delivery: Once the buffer overflow occurs, the attacker can inject malicious code to gain control over the device.
3. Affected Systems and Software Versions
Affected Systems:
- Totolink LR1200GB routers
Affected Software Versions:
- Firmware version 9.1.0u.6619_B20230130
- Firmware version 9.3.5u.6698_B20230810
4. Recommended Mitigation Strategies
Immediate Mitigation:
- Network Segmentation: Isolate affected devices from critical network segments.
- Firewall Rules: Implement strict firewall rules to limit access to the web interface.
- Monitoring: Increase monitoring of network traffic to detect and respond to suspicious activities.
Long-Term Mitigation:
- Firmware Update: Apply the latest firmware updates from Totolink once available.
- Patch Management: Implement a robust patch management process to ensure timely updates.
- Access Control: Enforce strong authentication and access control mechanisms for the web interface.
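For the monitoring step above, one way to flag suspect requests in proxy or capture logs (an added example, not code from the advisory or from Totolink). It assumes http_host may arrive in the query string, a form body or a JSON body, which the advisory does not specify; the 259-character limit and the (target, body) record layout are likewise assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"  # path named in the advisory
PARAM = "http_host"                # argument named in the advisory
# Assumption: a legitimate value is a DNS name (max 253 chars) plus ":port".
MAX_HOST_LEN = 253 + 6

def extract_param(target, body):
    """Collect http_host values from the query string and a JSON or form body."""
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get(PARAM, [])
    try:
        doc = json.loads(body)
        if isinstance(doc, dict) and PARAM in doc:
            values.append(str(doc[PARAM]))
    except (ValueError, TypeError):
        # Not JSON: treat the body as application/x-www-form-urlencoded.
        values += parse_qs(body or "", keep_blank_values=True).get(PARAM, [])
    return values

def suspicious(target, body=""):
    """Return a reason string if the request should be reviewed, else None."""
    if urlsplit(target).path != CGI_PATH:
        return None
    for value in extract_param(target, body):
        if len(value) > MAX_HOST_LEN:
            return f"{PARAM} length {len(value)} exceeds {MAX_HOST_LEN}"
        if any(not (c.isascii() and (c.isalnum() or c in ".-:[]")) for c in value):
            return f"{PARAM} has characters not valid in host[:port]"
    return None

def scan(records):
    """records: iterable of (target, body); returns [(index, reason), ...]."""
    hits = []
    for i, (target, body) in enumerate(records):
        reason = suspicious(target, body)
        if reason:
            hits.append((i, reason))
    return hits

# Constructed sample records (not captured traffic).
SAMPLES = [
    ("/cgi-bin/cstecgi.cgi", '{"http_host": "192.168.0.1"}'),
    ("/cgi-bin/cstecgi.cgi", json.dumps({"http_host": "A" * 600})),
    ("/cgi-bin/cstecgi.cgi?http_host=" + "B" * 300, ""),
    ("/index.html?http_host=" + "C" * 900, ""),
]
```

Hits from scan() are candidates for review, not confirmed exploitation attempts; tune MAX_HOST_LEN to what the deployed devices normally send.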
5. Impact on European Cybersecurity Landscape
The vulnerability poses a significant risk to the European cybersecurity landscape, particularly for organizations and individuals using Totolink LR1200GB routers. The potential for remote exploitation and high impact on confidentiality, integrity, and availability can lead to:
- Data Breaches: Unauthorized access to sensitive information.
- Service Disruption: Denial of service attacks affecting network availability.
- Compromised Networks: Attackers gaining control over network devices, leading to further compromises.
6. Technical Details for Security Professionals
Vulnerability Details:
- Function Affected: loginAuth in /cgi-bin/cstecgi.cgi
- Argument Manipulated: http_host
- Type of Vulnerability: Stack-based buffer overflow
Exploit Availability:
- The exploit has been disclosed to the public and may be used by malicious actors.
References:
Aliases:
- CVE-2024-1783
- GSD-2024-1783
Assigner:
- VulDB
ENISA IDs:
- Product:
  - ID: 3594952f-c756-3b77-aa4e-0cff238dd604, Product: LR1200GB, Version: 9.1.0u.6619_B20230130
  - ID: 5e9ff321-f2ab-36fa-9202-7575b1a6f58b, Product: LR1200GB, Version: 9.3.5u.6698_B20230810
  - ID: 7cb9a3b5-dbc0-3fa9-9b2c-c376582c0e35, Product: LR1200GB
- Vendor:
  - ID: 0f145a3b-6991-3f4e-bd73-abf190184ba1, Vendor: Totolink
Conclusion: This critical vulnerability in Totolink LR1200GB routers requires immediate attention from cybersecurity professionals. Implementing the recommended mitigation strategies and staying vigilant for firmware updates are crucial steps to protect against potential exploitation. The European cybersecurity community should collaborate to address this vulnerability and ensure the security of affected networks.