Totolink · Totolink N350Rt · CVE-2024-7333
**Name of the Vulnerable Software and Affected Versions**
TOTOLINK N350RT version 9.3.5u.6139 B20201216
**Description**
A critical issue affects the `setParentalRules` function of the `/cgi-bin/cstecgi.cgi` file: manipulating the `week`, `sTime`, and `eTime` parameters causes a buffer overflow. The flaw can be exploited remotely by sending a specially crafted POST request to the `/cgi-bin/cstecgi.cgi` endpoint, potentially impacting the confidentiality, integrity, and availability of protected information. The exploit has been publicly disclosed.
**Recommendations**
For TOTOLINK N350RT version 9.3.5u.6139 B20201216, as a temporary workaround, consider disabling the `setParentalRules` function until a patch is available. Restrict access to the `/cgi-bin/cstecgi.cgi` endpoint to minimize the risk of exploitation. Avoid using the parameters `week`, `sTime`, and `eTime` in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
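
While no fixed firmware is available, requests reaching the endpoint can be monitored. The following is an added example, not part of the original advisory or any vendor code: a log-review check that flags POSTs to `/cgi-bin/cstecgi.cgi` invoking `setParentalRules` with abnormal `week`, `sTime`, or `eTime` values. The body encodings, the `topicurl` key in the samples, and the `MAX_LEN` threshold are assumptions.

```python
import json
from urllib.parse import parse_qs

ENDPOINT = "/cgi-bin/cstecgi.cgi"      # from the advisory
WATCHED = ("week", "sTime", "eTime")   # from the advisory
MAX_LEN = 32  # assumption: ceiling for a legitimate schedule value; tune locally

def parse_body(body):
    """Fields of a JSON or form-encoded body (both encodings are assumptions)."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return {k: str(v) for k, v in data.items()}
    except ValueError:
        pass
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}

def inspect(method, path, body):
    """Return alert reasons for one logged request; an empty list means no finding."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    fields = parse_body(body)
    # Assumption: the handler name appears as the value of some request field.
    if not any("setParentalRules" in v for v in fields.values()):
        return []
    findings = []
    for name in WATCHED:
        value = fields.get(name, "")
        if len(value) > MAX_LEN:
            findings.append(f"{name}: length {len(value)} exceeds {MAX_LEN}")
        elif not value.isprintable():
            findings.append(f"{name}: non-printable characters")
    return findings

# Constructed sample requests; the "topicurl" key and all values are illustrative.
SAMPLES = [
    ("POST", ENDPOINT, json.dumps({"topicurl": "setParentalRules",
                                   "week": "1,2,3", "sTime": "08:00", "eTime": "17:30"})),
    ("POST", ENDPOINT, json.dumps({"topicurl": "setParentalRules",
                                   "week": "A" * 300, "sTime": "08:00", "eTime": "17:30"})),
    ("POST", ENDPOINT, "topicurl=setParentalRules&week=1&sTime=08:00&eTime=" + "9" * 64),
    ("POST", ENDPOINT, json.dumps({"topicurl": "otherHandler", "week": "A" * 300})),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(inspect(method, path, body) or "ok")
```
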