Totolink · Totolink T10 · CVE-2025-6138
**Name of the Vulnerable Software and Affected Versions**
TOTOLINK T10 version 4.1.8cu.5207
**Description**
A critical vulnerability was found in the TOTOLINK T10, affecting the function `setWizardCfg` of the file `/cgi-bin/cstecgi.cgi` in the HTTP POST Request Handler component. The manipulation of the argument `ssid5g` leads to a buffer overflow. This issue can be exploited remotely.
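To make the described bug class concrete, the following is an added illustration, not TOTOLINK firmware code and not a reconstruction of `setWizardCfg`: a request parameter such as `ssid5g` copied into a fixed-size buffer must be length-checked before the copy. The 32-byte limit is the IEEE 802.11 SSID maximum; the form-encoded body layout and the sample values are constructed for the demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical illustration of the bug class, not TOTOLINK firmware code.
 * IEEE 802.11 caps an SSID at 32 bytes, so that is the validation limit. */
#define SSID_MAX_LEN 32

/* Constructed sample values for the demo below. */
static const char SAMPLE_OK_SSID[] = "HomeNet-5G";
static const char SAMPLE_LONG_SSID[] =
    "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"; /* 40 bytes */

/* Length of src, scanning at most max bytes (portable stand-in for strnlen). */
static size_t bounded_len(const char *src, size_t max) {
    size_t n = 0;
    while (n < max && src[n] != '\0') n++;
    return n;
}

/* Copy an SSID parameter into dst only if it fits both the destination buffer
 * and the protocol limit. Returns false (and leaves dst empty) otherwise, so an
 * oversized value can never overrun dst the way an unbounded strcpy would. */
bool copy_ssid_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || dst_size == 0) return false;
    dst[0] = '\0';
    if (src == NULL) return false;
    /* Scan one byte past the limit: enough to detect an overlong value
     * without walking the whole input. */
    size_t len = bounded_len(src, SSID_MAX_LEN + 1);
    if (len > SSID_MAX_LEN || len >= dst_size) return false;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return true;
}

/* Request-level check on a form-encoded POST body (assumed layout, for
 * illustration only): true when the ssid5g value exceeds the SSID limit.
 * Usable as a reject-before-parse guard or as a log-inspection rule. */
bool body_has_oversized_ssid5g(const char *body) {
    static const char key[] = "ssid5g=";
    const char *p = strstr(body, key);
    if (p == NULL) return false;
    p += sizeof(key) - 1;
    size_t len = 0;
    while (p[len] != '\0' && p[len] != '&') len++;
    return len > SSID_MAX_LEN;
}

int main(void) {
    char ssid5g[SSID_MAX_LEN + 1];
    printf("short value accepted: %s\n",
           copy_ssid_checked(ssid5g, sizeof ssid5g, SAMPLE_OK_SSID) ? "yes" : "no");
    printf("long value rejected:  %s\n",
           copy_ssid_checked(ssid5g, sizeof ssid5g, SAMPLE_LONG_SSID) ? "no" : "yes");
    printf("oversized ssid5g in constructed body: %s\n",
           body_has_oversized_ssid5g("ssid=Home&ssid5g=HomeNet-5G&channel=36") ? "yes" : "no");
    return 0;
}
```

The point of the two functions is the order of operations: the length is established against a fixed bound before any byte reaches the destination buffer, and the same bound can be enforced at the request boundary so an oversized `ssid5g` is rejected (or logged) before the handler runs.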
**Recommendations**
For TOTOLINK T10 version 4.1.8cu.5207, consider disabling the `setWizardCfg` function until a patch is available, to prevent a remote buffer overflow via manipulation of the `ssid5g` argument. Restrict access to `/cgi-bin/cstecgi.cgi` to minimize the risk of exploitation. Avoid using the `ssid5g` argument in the affected HTTP POST Request Handler until the issue is resolved. At the time of writing, no newer version containing a fix for this vulnerability is known.