A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the c…

A critical buffer overflow vulnerability has been identified in Totolink N300RH router firmware version 3.2.4-B20220812. The vulnerability affects the setUpgradeFW function in the /cgi-bin/cstecgi.cgi file within the POST Request Handler component. By manipulating the FileName argument, attackers can trigger a buffer overflow condition. The vulnerability can be exploited remotely, making it particularly dangerous. A public exploit has been released, increasing the risk of active exploitation. This affects the router's firmware upgrade functionality, potentially allowing attackers to compromise the device or execute arbitrary code.