CVE-2024-36650: n/a
CVE-2024-36650 is a high-severity buffer overflow vulnerability found in the TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware version A3100R V4. 1. 2cu. 5247_B20211129. The flaw exists in the cgi function setNoticeCfg within the /lib/cste_modules/system. so file, where the length of the user-supplied NoticeUrl string is not properly validated. Exploiting this vulnerability allows an unauthenticated attacker to send specially crafted HTTP or MQTT requests that trigger a buffer overflow, resulting in a denial-of-service (DoS) condition. The vulnerability does not impact confidentiality or integrity but can severely affect availability by crashing or destabilizing the router. No known exploits are currently reported in the wild, and no patches have been published yet. Organizations using this router model should prioritize mitigation to prevent potential service disruptions.
AI Analysis
Technical Summary
CVE-2024-36650 is a buffer overflow vulnerability identified in the TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware version A3100R V4.1.2cu.5247_B20211129. The vulnerability resides in the setNoticeCfg CGI function located in the /lib/cste_modules/system.so binary. Specifically, the function fails to validate the length of the user input parameter NoticeUrl, allowing an attacker to supply an excessively long string. This unchecked input leads to a classic stack-based buffer overflow (CWE-120), which can corrupt memory and cause the router's firmware process to crash or behave unpredictably. The attack vector is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), making it remotely exploitable by any unauthenticated attacker. The attacker can craft malicious HTTP or MQTT requests targeting the vulnerable CGI endpoint to trigger the overflow, resulting in denial-of-service conditions that disrupt network availability. Although no exploits have been observed in the wild, the vulnerability’s high CVSS score (7.5) reflects its ease of exploitation and impact on availability. No patches or firmware updates have been released at the time of publication, increasing the urgency for affected users to implement interim mitigations.
Potential Impact
The primary impact of CVE-2024-36650 is denial of service against TOTOLINK AC1200 routers running the vulnerable firmware. Successful exploitation causes the router to crash or become unresponsive, disrupting network connectivity for all devices relying on the router. This can affect home users, small businesses, and potentially larger organizations that use these routers in branch or remote office environments. While the vulnerability does not allow data theft or modification, the loss of network availability can interrupt business operations, degrade user experience, and increase operational costs due to downtime and recovery efforts. Attackers could leverage this vulnerability to conduct targeted DoS attacks against specific networks, potentially as part of larger multi-vector campaigns. The lack of authentication and user interaction requirements means attacks can be launched remotely and at scale, increasing the risk of widespread disruption.
Mitigation Recommendations
1. Immediately isolate vulnerable TOTOLINK AC1200 routers from untrusted networks to reduce exposure to remote attacks. 2. Monitor network traffic for unusual HTTP or MQTT requests targeting the setNoticeCfg CGI endpoint, and implement firewall rules to block suspicious or malformed requests containing overly long NoticeUrl parameters. 3. Disable or restrict access to the vulnerable CGI functionality if possible through router configuration or firmware settings. 4. Regularly check TOTOLINK’s official channels for firmware updates or patches addressing this vulnerability and apply them promptly once available. 5. Consider replacing vulnerable routers with models from vendors that provide timely security updates and have a strong security track record. 6. Employ network segmentation and intrusion detection systems to detect and contain potential exploitation attempts. 7. Educate network administrators about this vulnerability and encourage proactive vulnerability management practices.
Affected Countries
China, United States, India, Brazil, Russia, Germany, United Kingdom, France, South Korea, Japan
CVE-2024-36650: n/a
Description
CVE-2024-36650 is a high-severity buffer overflow vulnerability found in the TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware version A3100R V4. 1. 2cu. 5247_B20211129. The flaw exists in the cgi function setNoticeCfg within the /lib/cste_modules/system. so file, where the length of the user-supplied NoticeUrl string is not properly validated. Exploiting this vulnerability allows an unauthenticated attacker to send specially crafted HTTP or MQTT requests that trigger a buffer overflow, resulting in a denial-of-service (DoS) condition. The vulnerability does not impact confidentiality or integrity but can severely affect availability by crashing or destabilizing the router. No known exploits are currently reported in the wild, and no patches have been published yet. Organizations using this router model should prioritize mitigation to prevent potential service disruptions.
AI-Powered Analysis
Technical Analysis
CVE-2024-36650 is a buffer overflow vulnerability identified in the TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware version A3100R V4.1.2cu.5247_B20211129. The vulnerability resides in the setNoticeCfg CGI function located in the /lib/cste_modules/system.so binary. Specifically, the function fails to validate the length of the user input parameter NoticeUrl, allowing an attacker to supply an excessively long string. This unchecked input leads to a classic stack-based buffer overflow (CWE-120), which can corrupt memory and cause the router's firmware process to crash or behave unpredictably. The attack vector is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), making it remotely exploitable by any unauthenticated attacker. The attacker can craft malicious HTTP or MQTT requests targeting the vulnerable CGI endpoint to trigger the overflow, resulting in denial-of-service conditions that disrupt network availability. Although no exploits have been observed in the wild, the vulnerability’s high CVSS score (7.5) reflects its ease of exploitation and impact on availability. No patches or firmware updates have been released at the time of publication, increasing the urgency for affected users to implement interim mitigations.
Potential Impact
The primary impact of CVE-2024-36650 is denial of service against TOTOLINK AC1200 routers running the vulnerable firmware. Successful exploitation causes the router to crash or become unresponsive, disrupting network connectivity for all devices relying on the router. This can affect home users, small businesses, and potentially larger organizations that use these routers in branch or remote office environments. While the vulnerability does not allow data theft or modification, the loss of network availability can interrupt business operations, degrade user experience, and increase operational costs due to downtime and recovery efforts. Attackers could leverage this vulnerability to conduct targeted DoS attacks against specific networks, potentially as part of larger multi-vector campaigns. The lack of authentication and user interaction requirements means attacks can be launched remotely and at scale, increasing the risk of widespread disruption.
Mitigation Recommendations
1. Immediately isolate vulnerable TOTOLINK AC1200 routers from untrusted networks to reduce exposure to remote attacks. 2. Monitor network traffic for unusual HTTP or MQTT requests targeting the setNoticeCfg CGI endpoint, and implement firewall rules to block suspicious or malformed requests containing overly long NoticeUrl parameters. 3. Disable or restrict access to the vulnerable CGI functionality if possible through router configuration or firmware settings. 4. Regularly check TOTOLINK’s official channels for firmware updates or patches addressing this vulnerability and apply them promptly once available. 5. Consider replacing vulnerable routers with models from vendors that provide timely security updates and have a strong security track record. 6. Employ network segmentation and intrusion detection systems to detect and contain potential exploitation attempts. 7. Educate network administrators about this vulnerability and encourage proactive vulnerability management practices.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-05-30T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6c63b7ef31ef0b5638ea
Added to database: 2/25/2026, 9:40:51 PM
Last enriched: 2/26/2026, 5:08:28 AM
Last updated: 2/26/2026, 11:07:41 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-64999: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkmk GmbH Checkmk
HighCVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing
HighCVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS
HighCVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews
HighCVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.