PT-2022-19745 · Totolink · Totolink A3100R

Hijin0925 · Published 2022-05-18 · Updated 2022-05-26

CVE-2022-29641
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3100R versions V4.1.2cu.5050 B20200504 through V4.1.2cu.5247 B20211129

Description: The issue is a stack overflow via the startTime and endTime parameters in the setParentalRules function. An attacker can cause a Denial of Service (DoS) by sending a crafted POST request to the affected API endpoint.

Recommendations: For versions V4.1.2cu.5050 B20200504 through V4.1.2cu.5247 B20211129, consider disabling the setParentalRules function as a temporary workaround to prevent exploitation. Restrict access to the API endpoint that accepts the startTime and endTime parameters to minimize the risk of Denial of Service (DoS) attacks.
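The bug class named in the description (a request parameter copied into a fixed-size stack buffer with no length check) and the corresponding fix are illustrated below. This is an added example written for this record, not the TOTOLINK firmware source, which is not on the page; the buffer size `TIME_BUF`, the "HH:MM" parameter format and the function names `parse_time_param` / `set_parental_rules` are assumptions chosen to model the setParentalRules handler, not the real code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical stack buffer size for a time-of-day string ("HH:MM" + NUL). */
#define TIME_BUF 8

/* The vulnerable pattern: an unbounded strcpy of an attacker-controlled
 * request parameter into a fixed-size stack buffer. A parameter longer than
 * TIME_BUF - 1 bytes overruns the buffer and crashes the process (DoS).
 * Shown for contrast only; it is never called with untrusted input here. */
void copy_time_unchecked(char dst[TIME_BUF], const char *src) {
    strcpy(dst, src);   /* no length check: this is the defect */
}

/* Hardened replacement: bound the scan, validate the exact "HH:MM" shape and
 * range, and only then copy with an explicit length. Returns true on success. */
bool parse_time_param(const char *src, char *dst, size_t dst_len) {
    if (src == NULL || dst == NULL || dst_len < 6)
        return false;

    /* Bounded length check: never read past dst_len bytes of src. */
    size_t n = 0;
    while (n < dst_len && src[n] != '\0')
        n++;
    if (n != 5)                          /* exactly "HH:MM" */
        return false;

    if (!isdigit((unsigned char)src[0]) || !isdigit((unsigned char)src[1]) ||
        src[2] != ':' ||
        !isdigit((unsigned char)src[3]) || !isdigit((unsigned char)src[4]))
        return false;

    int hh = (src[0] - '0') * 10 + (src[1] - '0');
    int mm = (src[3] - '0') * 10 + (src[4] - '0');
    if (hh > 23 || mm > 59)
        return false;

    memcpy(dst, src, 5);                 /* bounded copy: 5 chars + NUL */
    dst[5] = '\0';
    return true;
}

/* Models a setParentalRules-style handler. Malformed or oversized startTime /
 * endTime values are rejected with -1 instead of corrupting the stack. */
int set_parental_rules(const char *start_time, const char *end_time) {
    char start[TIME_BUF];
    char end[TIME_BUF];
    if (!parse_time_param(start_time, start, sizeof start))
        return -1;
    if (!parse_time_param(end_time, end, sizeof end))
        return -1;
    /* ... apply the rule using the validated start/end strings ... */
    return 0;
}

/* Constructed test input: a 511-byte parameter, far larger than TIME_BUF.
 * With the hardened parser the handler simply rejects it. */
int demo_oversized_param(void) {
    char long_param[512];
    memset(long_param, 'A', sizeof long_param - 1);
    long_param[sizeof long_param - 1] = '\0';
    return set_parental_rules(long_param, "21:30");
}

int main(void) {
    printf("valid 08:00-21:30 -> %d\n", set_parental_rules("08:00", "21:30"));
    printf("bad hour 24:00    -> %d\n", set_parental_rules("24:00", "21:30"));
    printf("oversized param   -> %d\n", demo_oversized_param());
    return 0;
}
```

The two properties that matter for the fix are that the length of the untrusted input is checked before any copy, and that the copy itself is bounded by the destination size rather than by the input's terminator. Validating the expected format as well gives the handler a clean rejection path that the caller can log, which is also the signal a defender would alert on if a device starts receiving oversized startTime or endTime values.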

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers: CVE-2022-29641

Affected Products: Totolink A3100R