CVE-2022-35267

Name of the Vulnerable Software and Affected Versions Robustel R1510 versions 3.1.16 through 3.3.0

Description A denial of service issue exists in the web server hashFirst functionality. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this issue, which is located in the "/action/import https cert file/" API endpoint, using variables such as https cert file to potentially exploit the vulnerability.

Recommendations For Robustel R1510 versions 3.1.16 through 3.3.0, as a temporary workaround, consider restricting access to the "/action/import https cert file/" API endpoint until a patch is available. Avoid using the /action/import https cert file/ API endpoint in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.