CVE-2024-35099

Name of the Vulnerable Software and Affected Versions TOTOLINK LR350 version 9.3.5u.6698 B20230810

Description A stack overflow issue was discovered via the password parameter in the loginAuth function. This issue can be exploited, potentially allowing unauthorized access.

Recommendations For TOTOLINK LR350 version 9.3.5u.6698 B20230810, consider disabling the loginAuth function until a patch is available to prevent potential exploitation. Restrict access to the login functionality to minimize the risk of unauthorized access. Avoid using the password parameter in the affected login endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.