CVE-2023-40041

CVSS V2 None CVSS V3 None
Description
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.
Overview
  • CVE ID
  • CVE-2023-40041
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-08-08T19:15:10
  • Last Modified Date
  • 2023-08-11T23:35:53
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:totolink:t10_v2_firmware:5.9c.5061_b20200511:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:totolink:t10_v2:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/lib-cste_modules-wps.md Exploit Third Party Advisory
History
Created Old Value New Value Data Type Notes
2023-09-06 03:19:41 Added to TrackCVE
2023-09-06 03:19:44 Weakness Enumeration new