CVE-2024-32325 is a Cross-site Scripting (XSS) vulnerability identified in the TOTOLINK EX200 router firmware version 4.0.3c.7646_B20201211. The flaw resides in the setWiFiExtenderConfig function, where the ssid parameter does not properly sanitize input, allowing injection of malicious scripts. XSS vulnerabilities like this enable attackers to execute arbitrary JavaScript in the context of the affected device's web management interface. However, exploitation requires the attacker to have high privileges (authenticated access) and user interaction, which significantly limits the attack surface. The vulnerability impacts confidentiality by potentially exposing sensitive information through script execution but does not affect integrity or availability. The CVSS 3.1 score is 2.4 (low), reflecting the limited impact and exploitation complexity. No known public exploits or patches are currently available. This vulnerability is categorized under CWE-79, a common weakness related to improper neutralization of input during web page generation. The device affected is a consumer-grade Wi-Fi extender/router, typically used in home or small office environments. The lack of a patch means users must rely on mitigating controls until an official fix is released.

The primary impact of this vulnerability is limited to confidentiality breaches through script injection in the device's web interface. Since exploitation requires authenticated access and user interaction, the risk of widespread compromise is low. However, if exploited, an attacker could potentially steal session cookies, manipulate the device's web interface, or perform actions on behalf of the legitimate user. This could lead to unauthorized disclosure of configuration details or credentials stored in the device interface. The vulnerability does not affect device integrity or availability, so it is unlikely to cause service disruption or device malfunction. Organizations using TOTOLINK EX200 devices in sensitive environments could face targeted attacks if attackers gain internal network access. Overall, the impact is low but should not be ignored, especially in environments where device management interfaces are exposed or weakly protected.

To mitigate this vulnerability, organizations should immediately restrict access to the TOTOLINK EX200 device management interface to trusted networks and users only, preferably via VPN or secure management VLANs. Enforce strong authentication mechanisms and change default credentials to prevent unauthorized access. Disable remote management features if not required. Monitor device logs for suspicious activity indicating attempted exploitation. Since no patch is currently available, consider isolating the device from critical network segments until a firmware update addressing this vulnerability is released by TOTOLINK. Additionally, educate users about the risks of interacting with suspicious links or inputs in the device interface. Regularly check the vendor’s website or security advisories for firmware updates and apply them promptly once available. Employ network-level protections such as web application firewalls (WAF) that can detect and block XSS payloads targeting the device’s management interface.