TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
The vulnerability results from insufficient validation of input data length in the http_host parameter during request processing by the loginauth function. An attacker can supply an excessively long string that exceeds the boundaries of the allocated buffer in memory (CWE-120 — classic buffer overflow). Buffer overflow can lead to overwriting adjacent memory areas and hijacking control of the program's execution flow.
An unauthenticated remote attacker can gain full control of the device, potentially executing arbitrary code (RCE) with the privileges of the login handling process. This can result in complete compromise of the device's confidentiality, integrity, and availability.
Security patches available from the manufacturer should be applied according to the references. Until an update is applied, it is recommended to restrict access to the device's management panel exclusively to trusted networks or IP addresses, and to disable remote access to the administrative interface.
TOTOLINK A3700R with firmware version v9.1.2u.5822_B20200513
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTotolink A3700r
HWTotolinkwszystkie wersjeTotolink A3700r Firmware
OSTotolink9.1.2u.5822_b20200513
Related vulnerabilities
Buffer overflow w parametrze ssid funkcji setWizardCfg — TOTOLINK A3700R
Stack overflow w TOTOLINK A3700R — funkcja setWizardCfg (ssid5g)
Stack overflow w TOTOLINK A3700R — podatność w funkcji loginAuth
Stack overflow w TOTOLINK A3700R — funkcja setWiFiBasicCfg (ssid)
Stack overflow w TOTOLINK A3700R — funkcja setWiFiEasyCfg (parametr ssid)