CVE: Common Vulnerabilities and Exposures

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CWE 1 Total

CWE-613: CWE-613 Session Expiration

CVSS 3 Total

Product Status

Versions 1 Total

Default Status: unknown

affected

Credits

Chun-Li Lin finder
lin7lic (VulDB User) reporter
lin7lic (VulDB User) analyst

References 5 Total

vuldb.com: VDB-252186 | Totolink N200RE V5 cstecgi.cgi session expiration
external site
vdb-entrytechnical-description
vuldb.com: VDB-252186 | CTI Indicators (IOB, IOC, IOA)
external site
signaturepermissions-required
vuldb.com: Submit #269679 | Totolink N200RE_V5 V9.3.5u.6255_B20211224 Insufficient Session Expiration
external site
third-party-advisory
https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing
external site
exploit
https://youtu.be/b0tU2CiLbnU
external site
media-coverage

Updated: 2024-08-01

This container includes required additional information provided by the CVE Program for this vulnerability.

References 5 Total

vuldb.com: VDB-252186 | Totolink N200RE V5 cstecgi.cgi session expiration
external site
vdb-entrytechnical-descriptionx_transferred
vuldb.com: VDB-252186 | CTI Indicators (IOB, IOC, IOA)
external site
signaturepermissions-requiredx_transferred
vuldb.com: Submit #269679 | Totolink N200RE_V5 V9.3.5u.6255_B20211224 Insufficient Session Expiration
external site
third-party-advisoryx_transferred
https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing
external site
exploitx_transferred
https://youtu.be/b0tU2CiLbnU
external site
media-coveragex_transferred

Authorized Data Publishers