Vulnerabilities > CVE-2024-0942 - Insufficient Session Expiration vulnerability in Totolink N200Re-V5 Firmware 9.3.5U.6255B20211224

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

totolink

CWE-613

NVD

Published: 2024-01-26

Updated: 2024-05-17

Summary

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerable Configurations

Part	Description	Count
OS	Totolink Totolink N200Re V5 Firmware 9.3.5U.6255_B20211224	1
Hardware	Totolink Totolink N200Re V5 -	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References