This vulnerability affects the Totolink N300RH router running firmware version 3.2.4-B20220812. The issue is a buffer overflow triggered by manipulating the priDns argument in the setWanConfig function of the /cgi-bin/cstecgi.cgi POST request handler. The vulnerability allows remote attackers to cause a buffer overflow without requiring user interaction or privileges. The CVSS 4.0 base score is 8.7, indicating high severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The vulnerability has been publicly disclosed but no official patch or remediation level has been announced by the vendor. The product is not a cloud service, so remediation depends on vendor firmware updates.

Successful exploitation of this vulnerability could allow remote attackers to cause a buffer overflow condition on the affected device, potentially leading to denial of service or arbitrary code execution. The vulnerability is exploitable remotely without authentication or user interaction, increasing its risk. However, no known exploits have been observed in the wild so far. The high CVSS score reflects the potential for significant impact if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround has been provided, users should monitor Totolink's official channels for firmware updates addressing this vulnerability. Until a patch is available, restricting remote access to the device's management interface and disabling unnecessary services may reduce exposure.