Post-Authentication Buffer Overflow in TOTOLINK Router Products
CVE-2022-44260

8.8HIGH

Key Information:

Vendor: Totolink
Status: Lr350 Firmware
Vendor: CVE Published:; 23 November 2022

Summary

The TOTOLINK LR350 is susceptible to a post-authentication buffer overflow vulnerability, which can be exploited via the parameters sPort or ePort in the setIpPortFilterRules function. This flaw may allow an attacker to execute arbitrary code, potentially compromising the integrity and availability of the device and the network it serves. Securing your router by updating to the latest firmware and applying recommended security practices is essential to mitigate this risk.

References

https://brief-nymphea-813.notion.site/LR350-bof-setIpPort...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2022
Vulnerability Reserved
Oct 30, 2022