PT-2024-27107 · Totolink · Totolink Ac1200 Wireless Dual Band Gigabit Router

Swind1Er · Published 2024-06-11 · Updated 2025-06-04 · CVE-2024-36650

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware version A3100R V4.1.2cu.5247 B20211129

Description

The issue arises from a lack of input validation in the setNoticeCfg function, specifically for the NoticeUrl variable. This omission can lead to a buffer overflow: an attacker can cause a denial of service by sending crafted HTTP or MQTT requests.

Recommendations

For TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware version A3100R V4.1.2cu.5247 B20211129, as a temporary workaround, consider restricting access to the /lib/cste modules/system.so file to minimize the risk of exploitation. Additionally, avoid using the NoticeUrl variable in the setNoticeCfg function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-36650

Affected Products

Totolink Ac1200 Wireless Dual Band Gigabit Router