CVE-2024-1783 – A critical stack-based buffer overflow vulnerab... (How to Fix)

Q: What is the severity of CVE-2024-1783?

CVE-2024-1783 has a CVSS score of 9.8 (CRITICAL). A critical stack-based buffer overflow vulnerability in Totolink LR1200GB routers allows remote attackers to execute arbitrary code by manipulating the http_host parameter in the loginAuth function. This affects devices running vulnerable firmware versions, potentially giving attackers full control over the router. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Totolink LR1200GB routers allows remote attackers to execute arbitrary code by manipulating the http_host parameter in the loginAuth function. This affects devices running vulnerable firmware versions, potentially giving attackers full control over the router. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

Totolink LR1200GB

Versions: 9.1.0u.6619_B20230130 and 9.3.5u.6698_B20230810

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web interface component specifically in the loginAuth function via http_host parameter manipulation.

📦 What is this software?

Lr1200gb Firmware by Totolink

View all CVEs affecting Lr1200gb Firmware →

Lr1200gb Firmware by Totolink

View all CVEs affecting Lr1200gb Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or join the device to a botnet.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access, though internal network attacks remain possible.

🌐 Internet-Facing: HIGH - Directly accessible from internet with CVSS 9.8 score and public exploit available.

🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthenticated exploitation and device takeover.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available on GitHub gist, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: Yes

Instructions:

No official patch available. Check Totolink website for firmware updates, but vendor has been unresponsive.

🔧 Temporary Workarounds

Disable Web Interface WAN Access

linux

Block external access to router web interface on port 80/443

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Network Segmentation

all

Isolate affected routers in separate VLAN with restricted access

🧯 If You Can't Patch

Replace affected devices with different models from responsive vendors
Implement strict network access controls to limit exposure to trusted IPs only

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface at System Status > Firmware Version

Check Version:

Check web interface or use nmap -sV -p 80,443 <router_ip> to identify service

Verify Fix Applied:

Verify firmware version is updated beyond affected versions (if patch becomes available)

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /cgi-bin/cstecgi.cgi with manipulated http_host headers
Multiple failed login attempts followed by successful exploitation

Network Indicators:

Unusual outbound connections from router
Traffic patterns indicating command and control communication

SIEM Query:

source="router_logs" AND (uri="/cgi-bin/cstecgi.cgi" AND http_host CONTAINS overflow_pattern)

📊 Metadata

CVE ID: CVE-2024-1783

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: February 23, 2024

Last Updated: April 1, 2025

🔗 References

https://gist.github.com/manishkumarr1017/30bca574e2f0a6d6336115ba71111984 Exploit,Third Party Advisory
https://vuldb.com/?ctiid.254574 Permissions Required,VDB Entry
https://vuldb.com/?id.254574 Third Party Advisory,VDB Entry
https://gist.github.com/manishkumarr1017/30bca574e2f0a6d6336115ba71111984 Exploit,Third Party Advisory
https://vuldb.com/?ctiid.254574 Permissions Required,VDB Entry
https://vuldb.com/?id.254574 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-1783, you might also want to check these: