CVE-2023-6906

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 B20191024

Description A critical issue was found in the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The issue is related to the copying of a buffer without checking the size of the input data, which may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Totolink A7100RU version 7.4cu.2313 B20191024, as a temporary workaround, consider disabling the main function of the /cgi-bin/cstecgi.cgi?action=login file until a patch is available. Restrict access to the HTTP POST Request Handler to minimize the risk of exploitation. Avoid using the flag argument with the input ie8 in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.