CVE-2024-0576

Name of the Vulnerable Software and Affected Versions Totolink LR1200GB version 9.1.0u.6619 B20230130

Description A critical issue affects the setIpPortFilterRules function in the /cgi-bin/cstecgi.cgi file, where manipulation of the sPort argument leads to a stack-based buffer overflow. This can be initiated remotely, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

Recommendations For Totolink LR1200GB version 9.1.0u.6619 B20230130, as a temporary workaround, consider disabling the setIpPortFilterRules function until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation. Avoid using the sPort parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.