Lucene search

MitreCVE-2022-40112

HistorySep 06, 2022 - 5:15 p.m.

CVE-2022-40112

2022-09-0617:15:08

CWE-120

mitre

web.nvd.nist.gov

cve-2022-40112

totolink

a3002r

buffer overflow

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.4%

JSON

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa.

Affected configurations

Nvd

Node

totolinka3002r_firmwareMatch1.1.1-b20200824.0128

AND

totolinka3002rMatch-

VendorProductVersionCPE
totolinka3002r_firmware1.1.1-b20200824.0128cpe:2.3:o:totolink:a3002r_firmware:1.1.1-b20200824.0128:*:*:*:*:*:*:*
totolinka3002r-cpe:2.3:h:totolink:a3002r:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	a3002r_firmware	1.1.1-b20200824.0128	cpe:2.3:o:totolink:a3002r_firmware:1.1.1-b20200824.0128:::::::*
totolink	a3002r	-	cpe:2.3:h:totolink:a3002r:-:::::::*

References

github.com/1759134370/iot/blob/main/TOTOLINK/A3002R/3.md

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.4%

JSON

Related for CVE-2022-40112