CVE-2024-36650

7.5 HIGH

📋 TL;DR

This buffer overflow vulnerability in TOTOLINK AC1200 router firmware allows attackers to send specially crafted HTTP or MQTT requests to the 'setNoticeCfg' function, potentially causing denial-of-service. It affects users of TOTOLINK AC1200 routers running vulnerable firmware versions. The vulnerability stems from improper input validation of the NoticeUrl parameter.

💻 Affected Systems

Products:
  • TOTOLINK AC1200 Wireless Dual Band Gigabit Router
Versions: Firmware A3100R V4.1.2cu.5247_B20211129
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration. The affected code is the CGI function 'setNoticeCfg' in /lib/cste_modules/system.so.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete router compromise, persistent backdoor installation, and network infiltration.

🟠 Likely Case: Router crash/reboot causing temporary network outage and denial-of-service.

🟢 If Mitigated: Limited impact with proper network segmentation and firewall rules blocking external access to router management.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and the vulnerability can be triggered via HTTP/MQTT requests.
🏢 Internal Only: MEDIUM - Attackers would need internal network access, but once inside, exploitation is straightforward.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept details are publicly available in the referenced GitHub gist. Exploitation requires sending crafted HTTP/MQTT requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check TOTOLINK website for firmware updates.
2. Download latest firmware for AC1200 model.
3. Access router admin panel.
4. Navigate to firmware upgrade section.
5. Upload and apply new firmware.
6. Reboot router after update.

🔧 Temporary Workarounds

Disable remote management (platform: all)

Prevent external access to the router management interface:

Access router admin panel -> System -> Remote Management -> Disable

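Block vulnerable endpoint (platform: linux)

Use firewall rules to block access to the setNoticeCfg CGI function:

# Drop cleartext HTTP packets whose payload contains the function name.
iptables -A INPUT -p tcp --dport 80 -m string --string "setNoticeCfg" --algo bm -j DROP
# String matching only sees cleartext, so this rule cannot match requests inside TLS on port 443.
iptables -A INPUT -p tcp --dport 443 -m string --string "setNoticeCfg" --algo bm -j DROP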

🧯 If You Can't Patch

  • Segment router management interface to internal network only
  • Implement network monitoring for unusual HTTP/MQTT requests to router

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin panel under System Status or Firmware Upgrade section

Check Version:

curl -s http://router-ip/cgi-bin/luci/ | grep -i firmware || echo "Check web interface manually"

Verify Fix Applied:

Verify firmware version has been updated to a version newer than A3100R V4.1.2cu.5247_B20211129

📡 Detection & Monitoring

Log Indicators:

  • Multiple HTTP POST requests to CGI endpoints with long NoticeUrl parameters
  • Router crash/reboot logs
  • Unusual MQTT connection attempts to router

Network Indicators:

  • HTTP requests with unusually long NoticeUrl parameter
  • MQTT packets targeting router IP on standard ports
  • Traffic patterns indicating buffer overflow attempts

SIEM Query:

source="router_logs" AND (uri="*setNoticeCfg*" OR message="*NoticeUrl*" OR message="*buffer overflow*")
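
The "long NoticeUrl parameter" indicator above can also be checked programmatically. The following is an added example, not code from the vendor or the original page. Assumptions: requests are already captured as records with hypothetical fields src, uri and body; the body shapes and the "action" key are constructed for illustration; and the 256-character threshold is arbitrary, since the page states no safe length.

```python
import json
import re
from urllib.parse import parse_qs

# Assumption: the page states no safe NoticeUrl length; 256 is a tunable alert threshold.
MAX_NOTICE_URL_LEN = 256

def notice_url_from_body(body):
    """Return NoticeUrl from a JSON or form-encoded body, or None if absent."""
    try:
        doc = json.loads(body)
        if isinstance(doc, dict) and "NoticeUrl" in doc:
            return str(doc["NoticeUrl"])
    except ValueError:
        pass  # not JSON (or truncated JSON); try the other encodings
    form = parse_qs(body, keep_blank_values=True)
    if "NoticeUrl" in form:
        return form["NoticeUrl"][0]
    # Truncated or malformed body: take whatever follows the key.
    m = re.search(r'NoticeUrl"?\s*[:=]\s*"?([^"&]*)', body)
    return m.group(1) if m else None

def flag_requests(records, limit=MAX_NOTICE_URL_LEN):
    """Return (src, length) for setNoticeCfg requests whose NoticeUrl exceeds limit."""
    hits = []
    for rec in records:
        body = rec.get("body", "")
        if "setNoticeCfg" not in body and "setNoticeCfg" not in rec.get("uri", ""):
            continue
        url = notice_url_from_body(body)
        if url is not None and len(url) > limit:
            hits.append((rec["src"], len(url)))
    return hits

# Constructed sample records (hypothetical layout: src, uri, body); not real traffic.
BASE = "http://example.test/"
SAMPLE = [
    {"src": "192.0.2.10", "uri": "/cgi", "body": json.dumps({"action": "setNoticeCfg", "NoticeUrl": BASE + "notice"})},
    {"src": "192.0.2.11", "uri": "/cgi", "body": json.dumps({"action": "setNoticeCfg", "NoticeUrl": BASE + "a" * 300})},
    {"src": "192.0.2.12", "uri": "/cgi", "body": "action=setNoticeCfg&NoticeUrl=http%3A%2F%2Fexample.test%2F" + "a" * 600},
    {"src": "192.0.2.13", "uri": "/cgi", "body": '{"action":"setNoticeCfg","NoticeUrl":"' + "a" * 400},
    {"src": "192.0.2.14", "uri": "/index.html", "body": ""},
]

if __name__ == "__main__":
    for src, length in flag_requests(SAMPLE):
        print(f"ALERT {src}: NoticeUrl length {length}")
```

The regex fallback matters because a request that crashes the device may be logged with a truncated body that no longer parses as JSON or form data.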

🔗 References
