CVE-2022-41526 — Out-of-bounds Write in Nr1800x Firmware

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 40.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink Nr1800x Firmware

Timeline

PublishedOct 6

Latest updateOct 7

Description

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDtotolink/nr1800x_firmware9.1.0u.6279_b20210910

🔴Vulnerability Details

GHSA

GHSA-hg64-cj58-6ffc: TOTOLINK NR1800X V9↗2022-10-07

▶

CVEList

CVE-2022-41526: TOTOLINK NR1800X V9↗2022-10-06

▶