Authenticated Stack Overflow in TOTOLINK NR1800X
CVE-2022-41521

8.8HIGH

Key Information:

Vendor: Totolink
Status: Nr1800x Firmware
Vendor: CVE Published:; 6 October 2022

Summary

The TOTOLINK NR1800X model has been found vulnerable to an authenticated stack overflow, triggered through improper handling of the sPort and ePort parameters in the setIpPortFilterRules function. This flaw allows potentially malicious actors with authenticated access to exploit the vulnerability, potentially leading to unauthorized access or control over the affected device. Ensuring that devices are updated to the latest firmware and implementing security best practices is crucial to mitigate risks associated with this vulnerability.

References

https://brief-nymphea-813.notion.site/NR1800X-bof-setIpPo...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2022
Vulnerability Reserved
Sep 26, 2022