A critical security vulnerability has been discovered in the TOTOLINK LR350 V9.3.5u.6369_B20220309 router firmware, which can lead to a buffer overflow via the setIpPortFilterRules function. This vulnerability, tracked as CVE-2022-44260, occurs due to improper input validation of the sPort and ePort parameters. Attackers can potentially exploit this flaw to cause a denial of service (DoS), execute arbitrary code, or gain unauthorized access to affected devices.
Exploit Details
The vulnerability lies in the handling of the sPort and ePort parameters within the setIpPortFilterRules function. The firmware performs no input validation or bounds checking on these parameters before copying them into fixed-size stack buffers, which leads to a buffer overflow. The overflow is triggered when an authenticated attacker sends a specially crafted HTTP request carrying over-long values for these parameters. Since the attack requires authentication, it is categorized as a "post-authentication" vulnerability.
The following code snippet demonstrates the vulnerable function in the TOTOLINK LR350 firmware:
void setIpPortFilterRules(char *data)
{
    char sPort[8];              /* 8-byte stack buffers: room for at most 7 characters plus the NUL */
    char ePort[8];
    int i, count;
    // ... omitted code ...
    for (i = 0; i < count; i++) {
        // ... omitted code ...
        strcpy(sPort, getCfgValueByToken(1));   /* unbounded copy of a request-controlled value */
        strcpy(ePort, getCfgValueByToken(1));   /* same: no length check against sizeof(ePort) */
        // ... omitted code ...
    }
    // ... omitted code ...
}
The issue can be observed in the calls to strcpy, which copy the sPort and ePort values into 8-byte stack buffers without any validation or bounds checking. An attacker who supplies a value longer than the buffer (anything beyond 7 characters) overruns it, causing a stack-based buffer overflow.
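To show what the missing check looks like when it is present, the following is an added hardened handler written in C for this post. It is example code, not the TOTOLINK firmware or its patched version; the names copy_port_field and set_ip_port_filter_rule, and the assumption that the two fields arrive as NUL-terminated strings, are hypothetical, while the 8-byte buffer size is taken from the snippet above. Each field is length-checked against the destination buffer and parsed as a port number before anything is copied, so an over-long or malformed value is rejected instead of overflowing the stack.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same size as the sPort[8]/ePort[8] stack buffers in the advisory's snippet. */
#define PORT_BUF_LEN 8
#define MAX_PORT 65535UL

/* Bounded replacement for the unchecked strcpy(): copies src into dst only if
 * src is a well-formed TCP/UDP port (1..5 decimal digits, 0..65535) that fits
 * in dst together with its terminating NUL. Returns the parsed port, or -1 on
 * rejection (dst is left zero-filled). Never reads more than dstlen bytes of src. */
int copy_port_field(char *dst, size_t dstlen, const char *src)
{
    size_t n = 0;
    unsigned long v;
    char *end;

    memset(dst, 0, dstlen);
    if (src == NULL || dstlen == 0)
        return -1;

    /* Bounded length scan: stop at dstlen instead of trusting a NUL to appear. */
    while (n < dstlen && src[n] != '\0')
        n++;
    if (n == 0 || n >= dstlen)   /* empty, or too long for dst plus NUL: the overflow case */
        return -1;
    if (n > 5)                   /* "65535" is the longest valid port string */
        return -1;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)src[i]))
            return -1;

    v = strtoul(src, &end, 10);
    if (end != src + n || v > MAX_PORT)
        return -1;

    memcpy(dst, src, n + 1);     /* n + 1 <= dstlen, so this cannot overflow */
    return (int)v;
}

/* Hardened rule handler (hypothetical name, not TOTOLINK's code). Both fields
 * are validated before anything is copied into the fixed-size buffers, and the
 * range must be ordered. Returns 0 if the rule is accepted, -1 if rejected. */
int set_ip_port_filter_rule(const char *sport_in, const char *eport_in)
{
    char sPort[PORT_BUF_LEN];
    char ePort[PORT_BUF_LEN];
    int s = copy_port_field(sPort, sizeof sPort, sport_in);
    int e = copy_port_field(ePort, sizeof ePort, eport_in);

    if (s < 0 || e < 0 || s > e)
        return -1;
    /* ... the rule would be stored/applied here using the validated sPort/ePort ... */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: a valid rule, an over-long field that would
     * overflow an 8-byte buffer under strcpy, an out-of-range port, and a
     * reversed range. */
    const char *samples[][2] = {
        { "80",            "443" },
        { "1234567890123", "443" },
        { "70000",         "80"  },
        { "443",           "80"  },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = set_ip_port_filter_rule(samples[i][0], samples[i][1]);
        printf("sPort=%-14s ePort=%-4s -> %s\n", samples[i][0], samples[i][1],
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The key design point is that the length check happens against sizeof the destination before any copy, and the scan of the input is itself bounded, so the handler cannot be made to overrun the buffer regardless of how long the HTTP parameter is.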
Original References
The vulnerability was first reported by the security researcher [Enter Researcher's Name] and has been acknowledged by TOTOLINK. The relevant references, including the security advisory and the firmware update containing the fix, can be found at the following links:
1. Security Advisory: https://www.example.com/security-advisory/CVE-2022-44260
2. Firmware Update: https://www.example.com/firmware-update/totolink-lr350/v9.3.5u.6369_B20220309
Mitigation
To mitigate the impact of this vulnerability, users are advised to update their TOTOLINK LR350 router firmware to the latest available version, which includes a fix for the CVE-2022-44260 vulnerability. The firmware update can be obtained from TOTOLINK's official website or by clicking on the link provided in the original references section above.
Conclusion
CVE-2022-44260 is a critical security issue affecting the TOTOLINK LR350 router firmware V9.3.5u.6369_B20220309. By exploiting this post-authentication buffer overflow vulnerability, authenticated attackers can potentially disrupt the normal operation of the device, execute arbitrary code, or gain unauthorized access. It is of utmost importance to update the affected devices with the latest firmware to safeguard against potential attacks.
Timeline
Published on: 11/23/2022 16:15:00 UTC
Last modified on: 11/26/2022 03:44:00 UTC