Stack Overflow Vulnerability in TOTOLINK N600R Router
CVE-2022-29394

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: N600r Firmware
Vendor: CVE Published:; 10 May 2022

Summary

The TOTOLINK N600R router, specifically version V4.3.0cu.7647_B20210106, is impacted by a stack overflow vulnerability that can be triggered through the 'macAddress' parameter in the device's firmware function. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code, leading to unauthorized access and control over the device, thereby compromising the integrity of the network.

References

https://github.com/d1tto/IoT-vuln/tree/main/Totolink/1.se...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2022
Vulnerability Reserved
Apr 16, 2022