PT-2024-30227 · Totolink · Totolink N350Rt

Published: 2024-08-15 · Updated: 2024-10-24 · CVE-2024-42966

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: TOTOLINK N350RT version V9.3.5u.6139 B20201216

Description: The vulnerability is an incorrect access control issue. An attacker can obtain the apmib configuration file, which contains the username and password, via a crafted request to "/cgi-bin/ExportSettings.sh"; the CVSS vector (PR:N) indicates that no authentication is required.

Recommendations: For TOTOLINK N350RT version V9.3.5u.6139 B20201216, as a temporary workaround, restrict access to the "/cgi-bin/ExportSettings.sh" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
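The workaround above restricts reachability of the export endpoint; a defender will also want to know whether the endpoint has already been hit. The following is an added example, not part of the advisory or of any TOTOLINK code, that scans HTTP access logs in the common "combined" format for requests to "/cgi-bin/ExportSettings.sh" and summarizes, per source address, how many attempts there were and how many returned a 2xx status (a likely successful configuration export). The log lines are constructed for the example; in practice they are assumed to come from a reverse proxy, IDS or similar device in front of the router, since the router itself does not necessarily expose such logs.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Aug/2024:10:01:12 +0000] "GET /cgi-bin/ExportSettings.sh HTTP/1.1" 200 10240 "-" "curl/8.0"
192.0.2.44 - - [15/Aug/2024:10:01:15 +0000] "GET /index.htm HTTP/1.1" 200 3210 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Aug/2024:10:02:01 +0000] "POST /cgi-bin/ExportSettings.sh?x=1 HTTP/1.1" 200 10240 "-" "python-requests/2.31"
198.51.100.9 - - [15/Aug/2024:10:05:40 +0000] "GET /cgi-bin/exportsettings.sh HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# Fields of the combined log format that matter here: source, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# The endpoint named in the advisory, lower-cased so the comparison is case-insensitive.
WATCHED_PATH = "/cgi-bin/exportsettings.sh"


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # Normalize the path: drop any query string and fold case, so variants still match.
    rec["path_norm"] = rec["path"].split("?", 1)[0].lower()
    return rec


def find_export_hits(log_text):
    """Return the parsed records of every request whose path is the export endpoint."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path_norm"] == WATCHED_PATH:
            hits.append(rec)
    return hits


def summarize(hits):
    """Per-source counts: total attempts, 2xx responses, and bytes served on those 2xx responses."""
    summary = defaultdict(lambda: {"attempts": 0, "successful": 0, "bytes": 0})
    for h in hits:
        entry = summary[h["src"]]
        entry["attempts"] += 1
        if 200 <= h["status"] < 300:
            entry["successful"] += 1
            entry["bytes"] += h["size"]
    return dict(summary)


if __name__ == "__main__":
    for src, stats in summarize(find_export_hits(SAMPLE_LOG)).items():
        print(f"{src}: {stats['attempts']} attempt(s), {stats['successful']} with 2xx, {stats['bytes']} bytes")
```

A source with one or more 2xx responses on this path should be treated as a probable credential exposure: rotate the router's credentials after restricting the endpoint, since the exported apmib file is described as containing the username and password. A 4xx-only source shows probing without a successful export.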

Exploit

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2024-42966

Affected Products: Totolink N350Rt