PT-2024-2867 · Totolink · Totolink Ex200

Published: 2024-04-08 · Updated: 2024-08-15 · CVE-2024-31805

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TOTOLINK EX200 version 4.0.3c.7646 B20201211

Description

The issue is related to a flaw in the authorization procedure of the setTelnetCfg function in the TOTOLINK EX200 router's firmware. This flaw allows a remote attacker to start the Telnet service without authorization by exploiting the telnet enabled parameter in the setTelnetCfg function.

Recommendations

For TOTOLINK EX200 version 4.0.3c.7646 B20201211, as a temporary workaround, consider disabling the setTelnetCfg function until a patch is available. Restrict access to the Telnet service to minimize the risk of exploitation. Avoid using the telnet enabled parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Authorization
Improper Access Control

Related Identifiers

BDU:2024-03024
CVE-2024-31805

Affected Products

Totolink Ex200