PT-2023-9638 · Totolink · Totolink Lr350

C0Nyy · Published 2023-09-07 · Updated 2024-11-05 · CVE-2024-10654

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 versions up to 9.3.5u.6369

Description: A critical issue affects the authorization procedure, specifically the handling of the authCode parameter, and can allow a remote attacker to bypass security restrictions. The vulnerability affects an unknown functionality of the file /formLoginAuth.htm. Manipulating the authCode argument with the input 1 leads to authorization bypass. The attack can be launched remotely.

Recommendations: For TOTOLINK LR350 versions up to 9.3.5u.6369, upgrade to version 9.3.5u.6698 B20230810 to address this issue. As a temporary workaround, consider restricting access to the /formLoginAuth.htm file and avoiding manipulation of the authCode parameter until the upgrade is applied.

Exploit

Fix

Weakness Enumeration

Incorrect Privilege Assignment
Improper Authorization
IDOR

Related Identifiers

BDU:2024-08968
CVE-2024-10654

Affected Products

Totolink Lr350