CVE-2024-7463

High · Public PoC

Published: 05 August 2024

Modified: 15 August 2024
KEV Added
Patch
CVSS Score v4: 8.7
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0994 (93.2th percentile)
Risk Priority: 23 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-7463 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in TOTOLINK CP900 firmware. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 6.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

A critical buffer overflow vulnerability exists in the TOTOLINK CP900 firmware version 6.3c.566. The flaw resides in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file and is triggered by manipulation of the File argument, corresponding to CWE-120. The issue received a CVSS 4.0 score of 8.7 and can be reached over the network.

An authenticated remote attacker can supply a crafted File parameter to the affected CGI endpoint, leading to memory corruption that may allow full compromise of the device's confidentiality, integrity, and availability. Public proof-of-concept code for the vulnerability has been released.

The vendor was notified prior to disclosure but did not respond or issue a patch. The associated EPSS score rose from lower values to a peak of 0.1510 before receding to the current 0.0994, indicating a period of increased public interest following the initial publication.

Vulnerability details

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public-facing CGI script (/cgi-bin/cstecgi.cgi UploadCustomModule) enables remote code execution via exploitation of the web application.

Affected Assets

Vendor: totolink
Product: cp900 firmware
Version: 6.3c.566

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.
