CVE-2024-7184

Name of the Vulnerable Software and Affected Versions TOTOLINK A3600R version 4.1.2cu.5182 B20201102

Description A critical issue has been found, affecting the setUrlFilterRules function of the file /cgi-bin/cstecgi.cgi. The manipulation of the url argument leads to a buffer overflow. This issue can be exploited remotely. The exploit has been disclosed publicly.

Recommendations For TOTOLINK A3600R version 4.1.2cu.5182 B20201102, as a temporary workaround, consider disabling the setUrlFilterRules function until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation. Avoid using the url argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.