CVE-2022-28664

Name of the Vulnerable Software and Affected Versions FreshTomato version 2022.1

Description A memory corruption issue exists in the httpd unescape functionality. This can be triggered by a specially-crafted HTTP request, leading to memory corruption. An attacker can exploit this by sending a network request. The freshtomato-mips has a vulnerable URL-decoding feature that can also lead to memory corruption.

Recommendations For FreshTomato version 2022.1, consider disabling the URL-decoding feature in freshtomato-mips as a temporary workaround until a patch is available. Restrict access to the httpd unescape functionality to minimize the risk of exploitation. Avoid using the vulnerable URL-decoding feature in freshtomato-mips until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.