CVE-2024-1783

Name of the Vulnerable Software and Affected Versions Totolink LR1200GB versions 9.1.0u.6619 B20230130 through 9.3.5u.6698 B20230810

Description A critical vulnerability has been found in the Web Interface component of Totolink LR1200GB, specifically in the loginAuth function of the file /cgi-bin/cstecgi.cgi. The manipulation of the http host argument leads to a stack-based buffer overflow, allowing a remote attacker to launch an attack. The exploit has been disclosed to the public and may be used.

Recommendations For Totolink LR1200GB versions 9.1.0u.6619 B20230130 through 9.3.5u.6698 B20230810, consider disabling the loginAuth function of the /cgi-bin/cstecgi.cgi file as a temporary workaround until a patch is available. Restrict access to the vulnerable Web Interface component to minimize the risk of exploitation. Avoid using the http host argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.