Post-Authentication Buffer Overflow in TOTOLINK Router
CVE-2022-44253

8.8HIGH

Key Information:

Vendor
Totolink
Vendor
CVE Published:
23 November 2022

Summary

The TOTOLINK LR350 router, specifically version V9.3.5u.6369_B20220309, is susceptible to a buffer overflow vulnerability that occurs after user authentication. This vulnerability emerges in the setDiagnosisCfg function via the 'ip' parameter. If exploited, an attacker could manipulate this vulnerability to potentially execute arbitrary code or disrupt normal operation, posing significant risks to network security.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.