TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.
The vulnerability occurs in the setOpModeCfg function of the TOTOLink A7000R device firmware version V9.1.0u.6115_B20201022. An attacker can supply specially crafted input data to this function, causing a stack buffer overflow. The overflow can overwrite critical control data on the stack, such as the function return address, enabling the attacker to take control of program execution flow.
An unauthenticated remote attacker can achieve full control over the device, including arbitrary code execution (RCE) with the privileges of the process handling the request. The consequence may be complete loss of confidentiality, integrity, and availability of the device.
Patches available from the manufacturer should be applied according to the references. Until an update is applied, it is recommended to restrict access to the device management interface only to trusted hosts and isolate the device from untrusted networks.
TOTOLink A7000R with firmware version V9.1.0u.6115_B20201022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTotolink A7000r
HWTotolinkwszystkie wersjeTotolink A7000r Firmware
OSTotolink9.1.0u.6115_b20201022
Related vulnerabilities
TOTOLINK A7000R – bypass uwierzytelnienia przez formLoginAuth.htm
Buffer Overflow w TOTOLINK X5000R i A7000R — RCE przez pole IP
Stack overflow w TOTOLink A7000R via setIpPortFilterRules — RCE bez uwierzytelnienia
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...