CVE-2022-29643

Name of the Vulnerable Software and Affected Versions TOTOLINK A3100R versions V4.1.2cu.5050 B20200504 through V4.1.2cu.5247 B20211129

Description The issue is a stack overflow that occurs via the macAddress parameter in the setMacQos function, allowing attackers to cause a Denial of Service (DoS) via a crafted POST request to the affected API endpoint.

Recommendations For versions V4.1.2cu.5050 B20200504 through V4.1.2cu.5247 B20211129, consider disabling the setMacQos function or restricting access to the macAddress parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.