CVE-2021-44246

Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter.

Published: Feb 4, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-44246
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
totolink / a720r_firmware	4.1.5cu.470_b20200911	4.1.5cu.470_b20200911.x
totolink / a830r_firmware	5.9c.4729_b20191112	5.9c.4729_b20191112.x
totolink / a3100r_firmware	4.1.2cu.5050_b20200504	4.1.2cu.5050_b20200504.x

https://github.com/pjqwudi/my_vuln/blob/main/totolink/vuln_2/2.md

Vulnerability Database

CVE-2021-44246

Deep Security Visibility Without the Complexity