PT-2022-19746 · Totolink · Totolink A3100R

Hijin0925 · Published 2022-05-18 · Updated 2022-05-26 · CVE-2022-29642

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3100R versions V4.1.2cu.5050 B20200504 through V4.1.2cu.5247 B20211129

Description: A stack overflow exists in the setUrlFilterRules() function and is reachable via the url parameter. It allows attackers to cause a Denial of Service (DoS) via a crafted POST request to the /api endpoint, although the exact endpoint is not specified.

Recommendations: For versions V4.1.2cu.5050 B20200504 through V4.1.2cu.5247 B20211129, consider disabling the setUrlFilterRules() function as a temporary workaround until a patch is available. Restrict access to the url parameter in the affected function to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2022-29642

Affected Products

Totolink A3100R