PT-2023-8245 · Totolink · Totolink T6

Jylsec · Published 2023-12-31 · Updated 2024-05-17 · CVE-2023-7221

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Totolink T6 version 4.1.9cu.5241 B20210923

Description: A critical issue has been found in the Totolink T6 mesh system: a buffer overflow when handling the v41 parameter of the /cgi-bin/cstecgi.cgi?action=login API endpoint. It can be exploited remotely and potentially affects the confidentiality, integrity, and availability of protected information.

Recommendations: For Totolink T6 version 4.1.9cu.5241 B20210923, as a temporary workaround, consider disabling the main function of the /cgi-bin/cstecgi.cgi?action=login API endpoint until a patch is available. Restrict access to the HTTP POST request handler component to minimize the risk of exploitation. Avoid using the v41 parameter in the affected API endpoint until the issue is resolved. At the moment there is no information about a newer version that contains a fix for this vulnerability.
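The following Python is an added example, not code from the advisory, from Jylsec, or from Totolink. It turns the recommendations above into a request-screening check that a reverse proxy or log reviewer could apply in front of the device: it flags login requests to /cgi-bin/cstecgi.cgi?action=login that carry a v41 parameter at all, flags v41 values that exceed a length limit, and flags any access to the CGI handler from outside a management network. The minimal HTTP parser, the 64-byte limit, the 192.168.0.0/24 management subnet, and the assumption that v41 arrives in a form-encoded or JSON POST body are all assumptions made here; the advisory states none of them.

```python
"""Screen HTTP requests against the advisory's recommendations.

Added example (not Totolink/Jylsec code). Assumptions, not facts from the
advisory: the login request is a POST to /cgi-bin/cstecgi.cgi?action=login,
the v41 field sits in a form-encoded or JSON body, the limit of 64 bytes is
a constructed threshold, and 192.168.0.0/24 is the management subnet.
"""
import json
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/cgi-bin/cstecgi.cgi"
MAX_V41_LEN = 64                                   # constructed threshold
MGMT_NETS = [ip_network("192.168.0.0/24")]         # assumed management subnet


def parse_request(raw: str) -> dict:
    """Parse a minimal HTTP/1.1 request: request line, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        raise ValueError("malformed request line")
    method, target = parts[0], parts[1]
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    return {
        "method": method,
        "path": url.path,
        "query": parse_qs(url.query),
        "headers": headers,
        "body": body,
    }


def extract_v41(req: dict):
    """Return the v41 value from the body, or None if absent/unparseable."""
    ctype = req["headers"].get("content-type", "")
    if "json" in ctype:
        try:
            data = json.loads(req["body"])
        except ValueError:
            return None
        if isinstance(data, dict) and "v41" in data:
            return str(data["v41"])
        return None
    form = parse_qs(req["body"], keep_blank_values=True)
    return form["v41"][0] if "v41" in form else None


def assess(raw: str, src_ip: str) -> list:
    """Return the reasons to block a request; an empty list means allow."""
    req = parse_request(raw)
    reasons = []
    if req["path"] != VULN_PATH:
        return reasons                              # not the affected handler
    if not any(ip_address(src_ip) in net for net in MGMT_NETS):
        reasons.append("cstecgi.cgi reached from outside management network")
    if req["method"] == "POST" and req["query"].get("action") == ["login"]:
        v41 = extract_v41(req)
        if v41 is not None:
            # Advisory: avoid the v41 parameter until a fix is available.
            reasons.append("v41 parameter present in login request")
            if len(v41) > MAX_V41_LEN:
                reasons.append(
                    f"v41 length {len(v41)} exceeds {MAX_V41_LEN}")
    return reasons


if __name__ == "__main__":
    # Constructed sample request with a long v41 value, from outside the
    # management subnet; every check above should fire on it.
    sample = (
        "POST /cgi-bin/cstecgi.cgi?action=login HTTP/1.1\r\n"
        "Host: router\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        "v41=" + "A" * 200
    )
    for reason in assess(sample, "203.0.113.5"):
        print("BLOCK:", reason)
```

The check is deliberately layered: the network-origin test implements "restrict access to the HTTP POST request handler", the presence test implements "avoid using the v41 parameter", and the length test catches the overflow pattern even when v41 has to remain in use. Each reason is returned rather than printed so the same function can feed a proxy decision or a log review.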

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers: BDU:2024-00280, CVE-2023-7221

Affected Products: Totolink T6