CVE-2023-7213

Name of the Vulnerable Software and Affected Versions Totolink N350RT version 9.3.5u.6139 B20201216

Description A critical vulnerability was found in the Totolink N350RT, affecting the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Totolink N350RT version 9.3.5u.6139 B20201216, as a temporary workaround, consider disabling the main function in the /cgi-bin/cstecgi.cgi?action=login&flag=1 file until a patch is available. Restrict access to the HTTP POST Request Handler component to minimize the risk of exploitation. Avoid using the argument v33 in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.