Vulnerabilities > CVE-2023-40042 - Out-of-bounds Write vulnerability in Totolink T10 V2 Firmware 5.9C.5061B20200511

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
totolink
CWE-787
critical

Summary

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.

Vulnerable Configurations

Part Description Count
OS
Totolink
1
Hardware
Totolink
1

Common Weakness Enumeration (CWE)