CVE-2024-32334: n/a
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a stored cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall page.
AI Analysis
Technical Summary
CVE-2024-32334 is a stored Cross-site Scripting (XSS) vulnerability identified in the TOTOLINK N300RT router firmware version V2.1.8-B20201030.1539. The vulnerability resides in the IP/Port Filtering functionality within the Firewall configuration page of the router's web management interface. Stored XSS occurs when malicious scripts injected by an attacker are saved by the application and later executed in the browser of users who access the affected page. In this case, an attacker with low-level privileges who can access the router's web interface can inject malicious JavaScript code into the IP/Port filtering settings. When a user (potentially an administrator or other authenticated user) views the affected page, the malicious script executes in their browser context. This can lead to session hijacking, unauthorized actions within the router interface, or further exploitation such as pivoting into the internal network. The vulnerability requires authentication (low privileges) and user interaction (visiting the page) to be exploited. The CVSS 3.1 vector indicates network attack vector (AV:N), low attack complexity (AC:L), privileges required (PR:L), user interaction required (UI:R), scope changed (S:C), and impacts on confidentiality, integrity, and availability (all low). No patches or known exploits have been reported yet, but the vulnerability is publicly disclosed and should be addressed promptly to prevent potential misuse.
Potential Impact
The impact of CVE-2024-32334 on organizations using the TOTOLINK N300RT router can be significant despite the medium severity rating. Successful exploitation can allow an attacker with low privileges to execute arbitrary scripts in the context of the router's web interface, potentially leading to session hijacking, unauthorized configuration changes, or further compromise of the internal network. This can degrade the confidentiality, integrity, and availability of network infrastructure managed by the affected routers. Since routers are critical network devices, compromise can facilitate lateral movement, data interception, or denial of service. Organizations relying on this router model, especially in small office/home office (SOHO) environments or branch offices, may face increased risk of targeted attacks or automated exploitation once public exploits emerge. The lack of available patches increases the window of exposure.
Mitigation Recommendations
1. Restrict access to the router's web management interface to trusted internal networks only, using network segmentation and firewall rules to limit exposure.
2. Enforce strong authentication policies and change default credentials to prevent unauthorized access.
3. Monitor router logs and network traffic for suspicious activities indicative of exploitation attempts.
4. Disable or limit the use of the IP/Port Filtering feature if not required, reducing the attack surface.
5. Regularly check for firmware updates from TOTOLINK and apply patches promptly once available.
6. Consider deploying web application firewalls (WAF) or intrusion detection/prevention systems (IDS/IPS) that can detect and block XSS payloads targeting the router interface.
7. Educate users and administrators about the risks of interacting with untrusted content or links that may trigger exploitation.
8. If possible, isolate management interfaces on dedicated VLANs or out-of-band management networks to reduce exposure.
Affected Countries
China, United States, India, Brazil, Russia, Germany, United Kingdom, France, South Korea, Japan
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-04-12T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6c35b7ef31ef0b56122f
Added to database: 2/25/2026, 9:40:05 PM
Last enriched: 2/26/2026, 4:18:26 AM
Last updated: 4/12/2026, 3:34:24 PM