CVE-2024-7333

Name of the Vulnerable Software and Affected Versions TOTOLINK N350RT version 9.3.5u.6139 B20201216

Description A critical issue affects the setParentalRules function of the /cgi-bin/cstecgi.cgi file, causing a buffer overflow when the week, sTime, and eTime parameters are manipulated. This can be exploited remotely, potentially impacting the confidentiality, integrity, and availability of protected information by sending a specially crafted POST request to the /cgi-bin/cstecgi.cgi endpoint. The exploit has been publicly disclosed.

Recommendations For TOTOLINK N350RT version 9.3.5u.6139 B20201216, as a temporary workaround, consider disabling the setParentalRules function until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi endpoint to minimize the risk of exploitation. Avoid using the parameters week, sTime, and eTime in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.