The vulnerability identified as CVE-2024-32327 affects the TOTOLINK N300RT router firmware version V2.1.8-B20201030.1539. It is a stored Cross-site Scripting (XSS) vulnerability categorized under CWE-79. The flaw exists in the Port Forwarding section of the Firewall page, where user-supplied input is not properly sanitized before being stored and later rendered in the web interface. An attacker with low-level privileges and authentication to the router's web management interface can inject malicious JavaScript code. When the firewall page is subsequently viewed by an authenticated user, the malicious script executes in the context of the victim's browser session. This can lead to unauthorized actions such as session hijacking, manipulation of router settings, or redirection to malicious sites. The vulnerability requires network access to the router's management interface and user interaction, as the victim must visit the affected page. The CVSS v3.1 base score is 5.5, reflecting network attack vector, low attack complexity, low privileges required, user interaction needed, and impacts on confidentiality, integrity, and availability. No patches or exploit code are currently publicly available, and no active exploitation has been reported. The vulnerability was published on April 18, 2024, with the CVE reserved on April 12, 2024.

This vulnerability can impact organizations by allowing an authenticated but low-privileged user to execute arbitrary scripts within the router's administrative interface. Potential impacts include theft of authentication cookies or tokens, unauthorized changes to router configurations such as port forwarding rules, and disruption of network traffic. This could lead to broader network compromise if attackers leverage the router as a pivot point. The stored nature of the XSS increases risk since malicious code persists and can affect multiple users. Although exploitation requires authentication and user interaction, environments with multiple users sharing router access or weak authentication controls are at higher risk. The vulnerability could also be leveraged in targeted attacks against organizations relying on TOTOLINK N300RT routers, potentially affecting network availability and confidentiality of internal communications.

To mitigate this vulnerability, organizations should restrict access to the router's management interface to trusted administrators only, preferably via secure management VLANs or VPNs. Enforce strong authentication mechanisms and change default credentials immediately. Disable remote management if not required. Monitor router logs for suspicious activity related to port forwarding configuration changes. Since no official patch is currently available, consider upgrading to a newer firmware version once released by TOTOLINK that addresses this issue. As a temporary workaround, administrators can avoid using the Port Forwarding page or limit the number of users with access to the router interface. Implement network segmentation to reduce exposure of the router management interface. Additionally, educate users about the risks of interacting with untrusted router interfaces and ensure browsers are up to date to mitigate exploitation impact.