PT-2024-3096 · Totolink · Totolink Ex200

Published: 2024-04-18 · Updated: 2025-04-07 · CVE-2024-32326

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version V4.0.3c.7646 B20201211

Description: The issue exists due to inadequate protection of the web page structure in the setWiFiExtenderConfig function of the TOTOLINK EX200 router's firmware. This allows a remote attacker to conduct a cross-site scripting (XSS) attack through the key parameter in the setWiFiExtenderConfig function.

Recommendations: For TOTOLINK EX200 version V4.0.3c.7646 B20201211, as a temporary workaround, consider restricting access to the setWiFiExtenderConfig function until a patch is available. Avoid using the key parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-03295
CVE-2024-32326

Affected Products

Totolink Ex200