CVE-2024-7335

Name of the Vulnerable Software and Affected Versions TOTOLINK EX200 version 4.0.3c.7646 B20201211

Description A critical issue has been found in the getSaveConfig function of the /cgi-bin/cstecgi.cgi?action=save&setting endpoint, caused by a buffer overflow when handling the http host parameter. This can be exploited remotely by sending a specially crafted POST request, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations For TOTOLINK EX200 version 4.0.3c.7646 B20201211, as a temporary workaround, consider restricting access to the /cgi-bin/cstecgi.cgi?action=save&setting endpoint to minimize the risk of exploitation. Avoid using the http host parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.