CVE-2024-7337

Name of the Vulnerable Software and Affected Versions TOTOLINK EX1200L version 9.3.5u.6146 B20201023

Description The issue is caused by a buffer overflow on the stack when processing the http host parameter in the loginauth function of the /cgi-bin/cstecgi.cgi file. This can be exploited by a remote attacker by sending a specially crafted POST request, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations For TOTOLINK EX1200L version 9.3.5u.6146 B20201023, as a temporary workaround, consider disabling the loginauth function until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation. Avoid using the http host parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.