A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cg…

A critical buffer overflow vulnerability has been discovered in Totolink N300RH router version 3.2.4-B20220812. The vulnerability affects the loginauth function in the /cgi-bin/cstecgi.cgi file of the Parameter Handler component. Attackers can exploit this flaw by manipulating the Password argument, leading to a buffer overflow condition. The vulnerability can be exploited remotely, making it particularly dangerous. Public exploit code has been released, increasing the risk of active exploitation. This affects the router's authentication mechanism, potentially allowing unauthorized access to the device.