CVE-2024-36650 is a buffer overflow vulnerability identified in the TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware version A3100R V4.1.2cu.5247_B20211129. The vulnerability resides in the setNoticeCfg CGI function located in the /lib/cste_modules/system.so binary. Specifically, the function fails to validate the length of the user input parameter NoticeUrl, allowing an attacker to supply an excessively long string. This unchecked input leads to a classic stack-based buffer overflow (CWE-120), which can corrupt memory and cause the router's firmware process to crash or behave unpredictably. The attack vector is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), making it remotely exploitable by any unauthenticated attacker. The attacker can craft malicious HTTP or MQTT requests targeting the vulnerable CGI endpoint to trigger the overflow, resulting in denial-of-service conditions that disrupt network availability. Although no exploits have been observed in the wild, the vulnerability’s high CVSS score (7.5) reflects its ease of exploitation and impact on availability. No patches or firmware updates have been released at the time of publication, increasing the urgency for affected users to implement interim mitigations.

The primary impact of CVE-2024-36650 is denial of service against TOTOLINK AC1200 routers running the vulnerable firmware. Successful exploitation causes the router to crash or become unresponsive, disrupting network connectivity for all devices relying on the router. This can affect home users, small businesses, and potentially larger organizations that use these routers in branch or remote office environments. While the vulnerability does not allow data theft or modification, the loss of network availability can interrupt business operations, degrade user experience, and increase operational costs due to downtime and recovery efforts. Attackers could leverage this vulnerability to conduct targeted DoS attacks against specific networks, potentially as part of larger multi-vector campaigns. The lack of authentication and user interaction requirements means attacks can be launched remotely and at scale, increasing the risk of widespread disruption.

1. Immediately isolate vulnerable TOTOLINK AC1200 routers from untrusted networks to reduce exposure to remote attacks. 2. Monitor network traffic for unusual HTTP or MQTT requests targeting the setNoticeCfg CGI endpoint, and implement firewall rules to block suspicious or malformed requests containing overly long NoticeUrl parameters. 3. Disable or restrict access to the vulnerable CGI functionality if possible through router configuration or firmware settings. 4. Regularly check TOTOLINK’s official channels for firmware updates or patches addressing this vulnerability and apply them promptly once available. 5. Consider replacing vulnerable routers with models from vendors that provide timely security updates and have a strong security track record. 6. Employ network segmentation and intrusion detection systems to detect and contain potential exploitation attempts. 7. Educate network administrators about this vulnerability and encourage proactive vulnerability management practices.