CVE-2023-7095

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 B20191024

Description A critical issue has been found in the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Totolink A7100RU version 7.4cu.2313 B20191024, as a temporary workaround, consider disabling the main function of the /cgi-bin/cstecgi.cgi?action=login endpoint until a patch is available. Restrict access to the vulnerable HTTP POST Request Handler component to minimize the risk of exploitation. Avoid using the flag argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.