PT-2022-12028 · Totolink · Totolink A720R+2

Published: 2022-02-04 · Updated: 2023-08-08 · CVE-2021-44246

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Totolink A3100R version 4.1.2cu.5050 B20200504
Totolink A830R version 5.9c.4729 B20191112
Totolink A720R version 4.1.5cu.470 B20200911

Description

A stack overflow was discovered in the setNoticeCfg function, allowing attackers to cause a Denial of Service (DoS) via the IpTo parameter.

Recommendations

For Totolink A3100R version 4.1.2cu.5050 B20200504, consider disabling the setNoticeCfg function to prevent exploitation.
For Totolink A830R version 5.9c.4729 B20191112, restrict access to the IpTo parameter in the affected API endpoint until a fix is available.
For Totolink A720R version 4.1.5cu.470 B20200911, avoid using the IpTo parameter in the affected API endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2021-44246

Affected Products

Totolink A3100R
Totolink A720R
Totolink A830R