CVE-2022-44255

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOTOLINK LR350 version 9.3.5u.6369 B20220309

Description The issue is a pre-authentication buffer overflow in the main function, which can be triggered via long post data.

Recommendations For TOTOLINK LR350 version 9.3.5u.6369 B20220309, consider restricting access to the main function to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2022-44255

Affected Products

Totolink Lr350

CVE-2022-44255

Weakness Enumeration

Related Identifiers

Affected Products

References · 6