Stack Overflow Vulnerability in TOTOLINK NR1800X Router
CVE-2022-41522

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: Nr1800x Firmware
Vendor: CVE Published:; 6 October 2022

Summary

An unauthenticated stack overflow vulnerability has been identified in the TOTOLINK NR1800X router, where the 'main' function allows attackers to execute arbitrary code without authentication. This flaw can potentially lead to remote code execution, compromising the integrity and security of the device.

References

https://brief-nymphea-813.notion.site/NR1800X-bof-main-pr...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2022
Vulnerability Reserved
Sep 26, 2022