Remote Code Execution Vulnerability in TOTOLINK Router
CVE-2022-38535

7.2HIGH

Key Information:

Vendor: Totolink
Status: A720r Firmware
Vendor: CVE Published:; 15 September 2022

What is CVE-2022-38535?

The TOTOLINK 720R router version 4.1.5cu.374 has been identified with a remote code execution vulnerability. This issue arises through the setTracerouteCfg function, allowing potential attackers to execute arbitrary code on the device, which could compromise user data and network integrity. It's essential for users to update their devices and implement security measures to mitigate risks associated with this vulnerability.

References

https://github.com/Jfox816/TOTOLINK-720R/blob/177ee39a5a8...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2022
Vulnerability Reserved
Aug 22, 2022

Totolink

What is CVE-2022-38535?

References

CVSS V3.1

Timeline