A critical buffer overflow vulnerability in Totolink WA300 devices allows remote, unauthenticated attackers to trigger arbitrary code execution via the web interface.

The vulnerability exists in the loginauth function within the /cgi-bin/cstecgi.cgi component. An attacker can supply an overly long http_host argument to trigger a buffer overflow, which may result in remote code execution.

With a CVSS score of 9.8, this flaw poses a severe risk to organizational security. Successful exploitation allows an attacker to gain remote access to the device, potentially leading to unauthorized network access, interception of traffic, or complete disruption of network services.

Immediate Action: Update the affected Totolink WA300 firmware to the latest available version provided by the manufacturer.

Proactive Monitoring: Monitor network traffic for suspicious POST requests targeting cstecgi.cgi and review device logs for crash events or unusual authentication attempts.

Compensating Controls: Restrict access to the device's web management interface to trusted administrative IP addresses only and deploy a WAF to block malformed HTTP requests.

Public Exploit Available: true

Due to the availability of public exploits, this vulnerability is highly dangerous. Security teams must isolate affected devices from the public internet immediately and apply the necessary firmware updates to remediate the buffer overflow risk.