CVE 8.7 HIGH

code-projects for Plugin cstecgi.cgi setWiFiMultipleConfig buffer overflow_CVE-2026-7503

April 30, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

AI Analysis

Buffer overflow vulnerability in the setWiFiMultipleConfig function of the cstecgi.cgi file, allowing remote attackers to exploit the wepkey2 argument.

Basic Information

ID CVE-2026-7503

Source VulDB

Published Apr 30, 2026 at 21:45

Affected Product

Vendor code-projects

Product for Plugin

Version 4.1.2cu.5137

Affected Versions code-projects for Plugin 4.1.2cu.5137

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor code-projects

Product Plugin

Version 4.1.2cu.5137

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.",
    "published": "2026-04-30T21:45:11.565Z",
    "modified": "2026-04-30T21:45:11.565Z",
    "type": "cve",
    "title": "code-projects for Plugin cstecgi.cgi setWiFiMultipleConfig buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360313\nhttps://vuldb.com/vuln/360313/cti\nhttps://vuldb.com/submit/803120\nhttps://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A800R/02_Buffer_Overflow_setWiFiMultipleConfig.md\nhttps://code-projects.org/",
    "id": "CVE-2026-7503",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "code-projects for Plugin 4.1.2cu.5137",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "for Plugin",
    "version": "4.1.2cu.5137",
    "vendor": "code-projects",
    "ai_description": "Buffer overflow vulnerability in the setWiFiMultipleConfig function of the cstecgi.cgi file, allowing remote attackers to exploit the wepkey2 argument.",
    "ai_severity": "High",
    "ai_vendor": "code-projects",
    "ai_product": "Plugin",
    "ai_version": "4.1.2cu.5137",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply