PT-2024-22500 · Totolink · Totolink A7000R+1
He Nan
·
Published
2024-03-15
·
Updated
2024-12-16
·
CVE-2024-28639
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TOTOLink X5000R version 9.1.0u.6118-B20201102
TOTOLink A7000R version 9.1.0u.6115-B20201022
Description
The issue allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. This can be exploited by sending malicious input to the IP field, resulting in a buffer overflow.
Recommendations
For TOTOLink X5000R version 9.1.0u.6118-B20201102, update to a newer version that contains a fix for this issue.
For TOTOLink A7000R version 9.1.0u.6115-B20201022, update to a newer version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the IP field to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A7000R
Totolink X5000R