TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules.
The vulnerability classified as CWE-787 (out-of-bounds write) consists of a stack buffer overflow during input data processing by the setIpPortFilterRules function. An attacker can provide a crafted network request containing excess data that overwrites stack memory areas beyond the intended buffer. This can lead to overwriting the function's return address and taking control of the program execution flow.
An unauthenticated attacker acting remotely over the network can cause arbitrary code execution (RCE) with the privileges of the process handling the request, and consequently to full device takeover, loss of confidentiality, integrity and availability.
Apply patches available from the manufacturer according to the references. Until the update is applied, it is recommended to restrict access to the device management interface only to trusted IP addresses and isolate the device from the public Internet using a firewall.
TOTOLink A7000R with firmware version V9.1.0u.6115_B20201022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTotolink A7000r
HWTotolinkwszystkie wersjeTotolink A7000r Firmware
OSTotolink9.1.0u.6115_b20201022
Related vulnerabilities
TOTOLINK A7000R – bypass uwierzytelnienia przez formLoginAuth.htm
Buffer Overflow w TOTOLINK X5000R i A7000R — RCE przez pole IP
Stack overflow w TOTOLink A7000R — funkcja setOpModeCfg
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...