CVE-2024-0573

8.8 HIGH

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Totolink LR1200GB routers allows remote attackers to execute arbitrary code by manipulating the 'ip' parameter in the setDiagnosisCfg function. This affects users running firmware version 9.1.0u.6619_B20230130. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:
  • Totolink LR1200GB
Versions: 9.1.0u.6619_B20230130
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the affected firmware version are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full router compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠 Likely Case: Router takeover enabling traffic interception, DNS manipulation, and network disruption.

🟢 If Mitigated: Limited impact if the device is isolated behind firewalls with strict network segmentation.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication.
🏢 Internal Only: HIGH - Vulnerable to internal network attacks if device is accessible.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available in GitHub repositories, making attacks straightforward for threat actors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch is available. Contact Totolink support for firmware updates. If an update becomes available, download it from the official vendor site, upload it via the web interface, and reboot the device.

🔧 Temporary Workarounds

Network Isolation (scope: all): Place vulnerable routers behind firewalls with strict inbound rules.

Access Restriction (scope: all): Block access to /cgi-bin/cstecgi.cgi via a web application firewall or router ACLs.

🧯 If You Can't Patch

  • Replace vulnerable devices with supported models from different vendors
  • Implement network segmentation to isolate vulnerable routers from critical assets

🔍 How to Verify

Check if Vulnerable:

Check firmware version via router web interface at System Status > Firmware Version

Check Version:

No CLI command is available - use the web interface or check via an HTTP request to the router management page.

Verify Fix Applied:

Verify that the firmware version has changed from 9.1.0u.6619_B20230130 to a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /cgi-bin/cstecgi.cgi with long ip parameter values
  • Unusual process execution or memory errors in router logs

Network Indicators:

  • Unusual outbound connections from router
  • Traffic to known exploit repositories

SIEM Query:

source_ip="router_ip" AND url_path="/cgi-bin/cstecgi.cgi" AND http_method="POST" AND content_length>1000
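As an added example, not part of the original advisory: a small Python detector that applies the log and SIEM indicators above to request records from a proxy or WAF log that retains request bodies (an assumption). The path comes from the page; the thresholds, the record format and the sample records are constructed assumptions.

```python
import json
from collections import Counter
from urllib.parse import parse_qs

TARGET_PATH = "/cgi-bin/cstecgi.cgi"   # endpoint named in the advisory
MAX_IP_LEN = 45                        # longest legal textual IPv6 address
BODY_LEN_THRESHOLD = 1000              # mirrors the content_length>1000 SIEM query
MIN_HITS = 3                           # "multiple" requests from one source (assumption)


def ip_param_length(body: str) -> int:
    """Length of the 'ip' parameter in a JSON or form-encoded body, 0 if absent."""
    try:
        data = json.loads(body)
        if isinstance(data, dict) and isinstance(data.get("ip"), str):
            return len(data["ip"])
    except ValueError:
        pass                           # not JSON: fall through to form parsing
    values = parse_qs(body, keep_blank_values=True).get("ip")
    return len(values[0]) if values else 0


def is_suspicious(rec: dict) -> bool:
    """POST to the CGI endpoint with an oversized body or an oversized 'ip' value."""
    if rec["method"] != "POST" or rec["path"] != TARGET_PATH:
        return False
    if rec.get("content_length", 0) > BODY_LEN_THRESHOLD:
        return True
    return ip_param_length(rec.get("body", "")) > MAX_IP_LEN


def flag_sources(records, min_hits: int = MIN_HITS) -> dict:
    """Map source IP -> suspicious request count for sources at or above min_hits."""
    hits = Counter(r["src"] for r in records if is_suspicious(r))
    return {src: n for src, n in hits.items() if n >= min_hits}


# Constructed sample records (hypothetical, not captured traffic).
OVERSIZED = "A" * 200
SAMPLE = [
    {"src": "192.0.2.10", "method": "POST", "path": TARGET_PATH, "content_length": 20,
     "body": '{"ip":"192.168.0.1"}'},                                   # benign
    {"src": "203.0.113.5", "method": "GET", "path": TARGET_PATH, "content_length": 0},
    {"src": "198.51.100.7", "method": "POST", "path": TARGET_PATH, "content_length": 5000},
] + [
    {"src": "203.0.113.5", "method": "POST", "path": TARGET_PATH, "content_length": 210,
     "body": f"ip={OVERSIZED}&cmd=ping"} for _ in range(3)              # repeated, oversized 'ip'
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))   # {'203.0.113.5': 3}
```

The single oversized request from 198.51.100.7 is still recorded as suspicious but stays below MIN_HITS, so tune that value to the alerting noise your environment tolerates.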
