PT-2022-22666 · Robustel · Robustel R1510
Francesco Benvenuto · Published 2022-10-25 · Updated 2023-04-26 · CVE-2022-35262
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Robustel R1510 versions 3.1.16 through 3.3.0
Description
A denial of service issue exists in the web server hashFirst functionality. It can be triggered by a specially crafted network request: an attacker can send a sequence of requests to cause a denial of service. The denial of service occurs in the "/action/import_xml_file/" API endpoint.
Recommendations
For versions 3.1.16 through 3.3.0, as a temporary workaround, consider restricting access to the "/action/import_xml_file/" API endpoint until a patch is available. Avoid using this endpoint in production environments to minimize the risk of exploitation.
Exploit
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Robustel R1510