CVE-2024-7462

Name of the Vulnerable Software and Affected Versions TOTOLINK N350RT version 9.3.5u.6139 B20201216

Description A critical issue affects the setWizardCfg function of the /cgi-bin/cstecgi.cgi file, where the manipulation of the ssid argument leads to a buffer overflow. This can be exploited remotely, potentially impacting the confidentiality, integrity, and availability of protected information by sending a specially crafted POST request to the /cgi-bin/cstecgi.cgi endpoint. The issue has been publicly disclosed.

Recommendations For TOTOLINK N350RT version 9.3.5u.6139 B20201216, as a temporary workaround, consider disabling the setWizardCfg function until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi endpoint to minimize the risk of exploitation. Avoid using the ssid argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.