Uncontrolled Resource Consumption in Totolink Products
CVE-2021-43662

6.5MEDIUM

Key Information:

Vendor: Totolink
Status: Ex300 V2 Firmware
Vendor: CVE Published:; 31 March 2022

Summary

The Totolink EX300_v2 and A720R models have been reported to have a vulnerability that allows for uncontrolled resource consumption, which could lead to significant performance degradation or outages. Users of versions V4.0.3c.140_B20210429 for the EX300_v2 and V4.1.5cu.470_B20200911 for the A720R need to be aware of this issue and consider implementing mitigations to safeguard their networks.

References

https://github.com/chibataiki/iot-vuls/blob/main/totolink...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2022
Vulnerability Reserved
Nov 15, 2021