Post-Authentication Buffer Overflow in TOTOLINK Router Products
CVE-2022-44260

8.8HIGH

Key Information:

Vendor: Totolink
Status: Lr350 Firmware
Vendor: CVE Published:; 23 November 2022

What is CVE-2022-44260?

The TOTOLINK LR350 is susceptible to a post-authentication buffer overflow vulnerability, which can be exploited via the parameters sPort or ePort in the setIpPortFilterRules function. This flaw may allow an attacker to execute arbitrary code, potentially compromising the integrity and availability of the device and the network it serves. Securing your router by updating to the latest firmware and applying recommended security practices is essential to mitigate this risk.

References

https://brief-nymphea-813.notion.site/LR350-bof-setIpPort...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2022
Vulnerability Reserved
Oct 30, 2022

Totolink

What is CVE-2022-44260?

References

CVSS V3.1

Timeline