{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7218", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-07T08:37:38.841Z", "datePublished": "2024-01-08T21:00:05.100Z", "dateUpdated": "2025-06-17T20:39:14.838Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-13T07:28:17.536Z"}, "title": "Totolink N350RT cstecgi.cgi loginAuth stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "affected": [{"vendor": "Totolink", "product": "N350RT", "versions": [{"version": "9.3.5u.6139_B202012", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Totolink N350RT 9.3.5u.6139_B202012 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion loginAuth der Datei /cgi-bin/cstecgi.cgi. Durch das Beeinflussen des Arguments password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 8.3, "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C"}}], "timeline": [{"time": "2024-01-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-07T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2024-01-07T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-25T07:27:27.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "jylsec (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.249852", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.249852", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md", "tags": ["broken-link"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:34.973Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.249852", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.249852", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md", "tags": ["broken-link", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7218", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-10T15:24:48.691612Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T20:39:14.838Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.249852", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.249852", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md", "tags": ["broken-link", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:34.973Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7218", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-10T15:24:48.691612Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T20:34:25.216Z"}}], "cna": {"title": "Totolink N350RT cstecgi.cgi loginAuth stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "jylsec (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 8.3, "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C"}}], "affected": [{"vendor": "Totolink", "product": "N350RT", "versions": [{"status": "affected", "version": "9.3.5u.6139_B202012"}]}], "timeline": [{"lang": "en", "time": "2024-01-07T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-01-07T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2024-01-07T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-01-25T07:27:27.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.249852", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.249852", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md", "tags": ["broken-link"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Totolink N350RT 9.3.5u.6139_B202012 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion loginAuth der Datei /cgi-bin/cstecgi.cgi. Durch das Beeinflussen des Arguments password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-13T07:28:17.536Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7218", "state": "PUBLISHED", "dateUpdated": "2025-06-17T20:39:14.838Z", "dateReserved": "2024-01-07T08:37:38.841Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-01-08T21:00:05.100Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:n350rt_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "matchCriteriaId": "1E783757-7B3B-426D-A7CB-0FEE15BA7EA7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:n350rt:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B88D1F1-F7A6-43D5-8DF7-E9425823C7B6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Totolink N350RT 9.3.5u.6139_B202012 y clasificada como cr\u00edtica. La funci\u00f3n loginAuth del fichero /cgi-bin/cstecgi.cgi es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento contrase\u00f1a provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Es posible lanzar el ataque de forma remota. El identificador de esta vulnerabilidad es VDB-249852. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2023-7218", "lastModified": "2024-11-21T08:45:32.293", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-08T21:15:10.850", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.249852"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.249852"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.249852"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.249852"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}