TOTOLINK WA1200 NULL Pointer Dereference Vulnerability in HTTP Request Handler

Vulnerability

A null pointer dereference vulnerability has been identified in the TOTOLINK WA1200-PoE firmware version 5.9c.2914. The issue resides in the 'cstecgi.cgi' file, within the HTTP request handling component. This vulnerability can be exploited remotely by sending a crafted HTTP request to the 'action=login' endpoint. When the CGI program processes the request, it attempts to connect to a local backend service. If this connection fails, the response pointer is not properly validated and remains null. The program then erroneously processes this null pointer as a valid object, leading to a segmentation fault and causing the CGI process to crash. This disruption makes the web management service unavailable, creating a denial-of-service condition.

Impact

Exploitation of this vulnerability causes the 'cstecgi' process to crash, leading to a denial-of-service condition on the device's web management interface. This disruption can be repeated, causing persistent availability issues.

Reproduction

The vulnerability can be reproduced by sending an HTTP request with the 'action=login' parameter to the device's web management interface. If the backend service is unreachable, the 'cstecgi' process will crash due to the null pointer dereference, which can be observed as a segmentation fault.

Remediation

It is recommended to apply restrictive firewalling to mitigate this vulnerability.

Added: Jan 8, 2026, 11:18 PM
Updated: Jan 8, 2026, 11:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.