Totolink · Totolink Ex1200T · CVE-2024-7334
**Name of the Vulnerable Software and Affected Versions**
TOTOLINK EX1200L version 9.3.5u.6146 B20201023
**Description**
A critical vulnerability affects the `UploadCustomModule` function of the `/cgi-bin/cstecgi.cgi` file: handling of the `File` parameter is subject to a buffer overflow. A remote attacker can trigger it by sending a specially crafted POST request to the `/cgi-bin/cstecgi.cgi` endpoint, impacting the confidentiality, integrity, and availability of protected information.
**Recommendations**
For version 9.3.5u.6146 B20201023, as a temporary workaround, consider disabling the `UploadCustomModule` function until a patch is available. Restrict access to the `/cgi-bin/cstecgi.cgi` endpoint to minimize the risk of exploitation, and avoid using the `File` parameter of the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.