Buffer Overflow Vulnerability in TOTOLINK Router Product
CVE-2022-44254

8.8HIGH

Key Information:

Vendor: Totolink
Status: Lr350 Firmware
Vendor: CVE Published:; 23 November 2022

Summary

The TOTOLINK LR350 router versions up to V9.3.5u.6369_B20220309 are susceptible to a post-authentication buffer overflow vulnerability. This flaw occurs through improper handling of input in the setSmsCfg function, specifically via the 'text' parameter. Exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary code on the device, potentially leading to unauthorized access and control.

References

https://brief-nymphea-813.notion.site/LR350-bof-setSmsCfg...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2022
Vulnerability Reserved
Oct 30, 2022