PT-2022-23799 · Totolink · Totolink A7000R

Published

2022-08-25

Updated

2022-08-26

CVE-2022-37084

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOTOLINK A7000R version 9.1.0u.6115 B20201022

Description A stack overflow issue was discovered, which can be triggered via the sPort parameter at the addEffect function.

Recommendations For version 9.1.0u.6115 B20201022, as a temporary workaround, consider disabling the addEffect function until a patch is available. Avoid using the sPort parameter in the affected function to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2022-37084

Affected Products

Totolink A7000R

PT-2022-23799 · Totolink · Totolink A7000R

CVE-2022-37084

Weakness Enumeration

Related Identifiers

Affected Products

References · 3