Vulnerabilities > CVE-2023-40042 - Out-of-bounds Write vulnerability in Totolink T10 V2 Firmware 5.9C.5061B20200511

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

totolink

CWE-787

critical

NVD

Published: 2023-08-08

Updated: 2023-08-11

Summary

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.

Vulnerable Configurations

Part	Description	Count
OS	Totolink Totolink T10 V2 Firmware 5.9C.5061_B20200511	1
Hardware	Totolink Totolink T10 V2 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/172/ids/36.html
http://www.totolink.cn
https://github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/setStaticDhcpConfig.md