PT-2022-19742 · Totolink · Totolink A3100R

Hijin0925

Published

2022-05-18

Updated

2022-05-26

CVE-2022-29638

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions TOTOLINK A3100R versions V4.1.2cu.5050 B20200504 through V4.1.2cu.5247 B20211129

Description The issue is related to a stack overflow via the comment parameter in the setIpQosRules function, allowing attackers to cause a Denial of Service (DoS) via a crafted POST request to the affected API endpoint.

Recommendations For versions V4.1.2cu.5050 B20200504 through V4.1.2cu.5247 B20211129, consider disabling the setIpQosRules function until a patch is available to prevent exploitation. Restrict access to the vulnerable comment parameter in the setIpQosRules function to minimize the risk of Denial of Service (DoS) attacks.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2022-29638

Affected Products

Totolink A3100R

PT-2022-19742 · Totolink · Totolink A3100R

CVE-2022-29638

Weakness Enumeration

Related Identifiers

Affected Products

References · 4