PT-2024-3093 · Totolink · Totolink Ex200

Published

2024-04-18

·

Updated

2024-07-03

·

CVE-2024-32325

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

TOTOLINK EX200 version 4.0.3c.7646 B20201211

Description

The issue is a cross-site scripting (XSS) vulnerability in the setWiFiExtenderConfig function of the device's web management interface. The function accepts the ssid parameter, and the supplied value is rendered into the web page without adequate neutralization (HTML encoding) of special characters, so markup or script placed in that parameter becomes part of the page. A remote attacker who can reach the interface may use this to conduct an XSS attack; the CVSS v2.0 vector (AV:N/AC:L/Au:N/C:N/I:P/A:N) rates it as network-reachable, low complexity and requiring no authentication, with a partial integrity impact.

Recommendations

For TOTOLINK EX200 version 4.0.3c.7646 B20201211, consider restricting access to the setWiFiExtenderConfig function until a patch is available, in practice by limiting who can reach the web management interface (trusted hosts on the local network only, never exposed to the internet). As a temporary workaround, avoid submitting values from untrusted sources in the ssid parameter of the affected function. At the time of writing there is no information about a newer firmware version that contains a fix for this vulnerability.
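The bug class described above, as an added illustration that is not the TOTOLINK firmware's code and makes no claim about how the EX200 actually builds its pages: a hypothetical CGI-style renderer that writes the ssid value from a setWiFiExtenderConfig request into an HTML attribute. The vulnerable variant copies the value verbatim, so a quoted probe value closes the attribute and starts a script tag; the hardened variant HTML-encodes the value first. The function names, the probe value and the page layout are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical illustration of the bug class, not the TOTOLINK firmware:
 * an SSID taken from a setWiFiExtenderConfig request is written into an
 * HTML attribute of the configuration page.  The "vulnerable" renderer
 * copies the value verbatim; the "safe" renderer HTML-encodes it first. */

/* Encode the five characters that can break out of HTML text or a
 * double-quoted attribute.  Returns 0 on success, -1 if out is too small. */
int html_escape(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (; *in; in++) {
        const char *rep;
        char one[2] = { *in, 0 };
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t n = strlen(rep);
        if (o + n >= outlen) return -1;
        memcpy(out + o, rep, n);
        o += n;
    }
    if (o >= outlen) return -1;
    out[o] = '\0';
    return 0;
}

/* Vulnerable pattern: the untrusted ssid is interpolated straight into markup. */
int render_ssid_field_vulnerable(const char *ssid, char *page, size_t pagelen) {
    int n = snprintf(page, pagelen, "<input name=\"ssid\" value=\"%s\">", ssid);
    return (n < 0 || (size_t)n >= pagelen) ? -1 : 0;
}

/* Hardened pattern: encode before interpolation so the value can neither
 * close the attribute nor open a tag. */
int render_ssid_field_safe(const char *ssid, char *page, size_t pagelen) {
    char esc[512];
    if (html_escape(ssid, esc, sizeof esc) != 0) return -1;
    int n = snprintf(page, pagelen, "<input name=\"ssid\" value=\"%s\">", esc);
    return (n < 0 || (size_t)n >= pagelen) ? -1 : 0;
}

/* Quick check a tester can apply to a captured response: does the rendered
 * page contain a raw <script tag that came from the submitted value? */
int page_has_script_tag(const char *page) {
    return strstr(page, "<script") != NULL;
}

int main(void) {
    /* Constructed probe value: the classic attribute-breakout payload. */
    const char *probe = "\"><script>alert(1)</script>";
    char page[1024];

    render_ssid_field_vulnerable(probe, page, sizeof page);
    printf("vulnerable: %s  (script tag present: %d)\n", page, page_has_script_tag(page));

    render_ssid_field_safe(probe, page, sizeof page);
    printf("safe:       %s  (script tag present: %d)\n", page, page_has_script_tag(page));
    return 0;
}
```

The same probe value is what a tester would submit in the ssid parameter against a device: if the value comes back in the configuration page with the quote and angle brackets intact, the page is vulnerable; if it comes back as `&quot;&gt;&lt;script&gt;...`, the output is being encoded.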

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-03290
CVE-2024-32325

Affected Products

Totolink Ex200