CVE-2022-35265

Name of the Vulnerable Software and Affected Versions Robustel R1510 versions 3.1.16 through 3.3.0

Description A denial of service issue exists in the web server hashFirst functionality. This can be triggered by a specially-crafted network request, allowing an attacker to cause a denial of service by sending a sequence of requests. The denial of service is specifically located in the "/action/import nodejs app/" API endpoint. The vulnerability is related to the lack of input data sanitization in the hashFirst function of the GoAhead web server.

Recommendations For versions 3.1.16 through 3.3.0, as a temporary workaround, consider restricting access to the "/action/import nodejs app/" API endpoint to minimize the risk of exploitation. Additionally, disabling the hashFirst functionality until a patch is available could also mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.