PT-2024-30228 · Totolink · Totolink Lr350

Published: 2024-08-15 · Updated: 2024-09-06 · CVE-2024-42967

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309

Description: The issue is an incorrect access control check that allows an unauthenticated attacker to obtain the apmib configuration file, which contains the username and the password, via a crafted request to "/cgi-bin/ExportSettings.sh". Because the exported file discloses these credentials, the flaw poses a serious threat to the affected device.

Recommendations: For TOTOLINK LR350 version 9.3.5u.6369 B20220309, update the device firmware to prevent unauthorized access. As a temporary workaround, restrict access to the "/cgi-bin/ExportSettings.sh" endpoint until a patch is available.

Exploit

Fix

Improper Access Control


Weakness Enumeration

Related Identifiers: CVE-2024-42967

Affected Products: Totolink Lr350