CVE-2024-0574

Name of the Vulnerable Software and Affected Versions Totolink LR1200GB version 9.1.0u.6619 B20230130

Description A critical issue affects the setParentalRules function of the /cgi-bin/cstecgi.cgi file, where manipulation of the sTime argument leads to a stack-based buffer overflow. This can be exploited remotely, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The issue has been publicly disclosed.

Recommendations For Totolink LR1200GB version 9.1.0u.6619 B20230130, as a temporary workaround, consider disabling the setParentalRules function until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation. Avoid using the sTime argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.