PT-2022-19750 · Totolink · Totolink A3100R
Hijin0925 · Published 2022-05-18 · Updated 2022-05-26 · CVE-2022-29646
CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
TOTOLINK A3100R version V4.1.2cu.5050 B20200504
TOTOLINK A3100R version V4.1.2cu.5247 B20211129
Description
An access control issue allows attackers to obtain sensitive information via a crafted web request.
Recommendations
For TOTOLINK A3100R version V4.1.2cu.5050 B20200504, update to a version that addresses the access control issue.
For TOTOLINK A3100R version V4.1.2cu.5247 B20211129, update to a version that addresses the access control issue.
As a temporary workaround, consider restricting access to sensitive information until a patch is available.
Exploit
Fix
Exposure of Resource to Wrong Sphere
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A3100R