CVE-2024-7178

Name of the Vulnerable Software and Affected Versions TOTOLINK A3600R version 4.1.2cu.5182 B20201102

Description A critical issue has been found, affecting the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. This issue can be exploited remotely. The exploit has been disclosed publicly.

Recommendations For TOTOLINK A3600R version 4.1.2cu.5182 B20201102, as a temporary workaround, consider disabling the setMacQos function until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation. Avoid using the priority/macAddress argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.