CVE-2022-36484 in N350RT

Summary

by MITRE • 08/25/2022

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg.


Analysis

by VulDB Data Team • 10/01/2022

The vulnerability identified as CVE-2022-36484 affects the TOTOLINK N350RT router firmware version V9.3.5u.6139_B20201216, representing a critical stack overflow condition that stems from improper input validation within the setDiagnosisCfg function. This particular implementation flaw resides in the router's web management interface, where user-supplied data is processed without adequate bounds checking or sanitization measures. The stack overflow vulnerability creates a potential pathway for remote code execution and system compromise, as malicious actors can manipulate the function's parameters to overwrite critical memory locations on the device's stack.

The technical nature of this vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions occurring when insufficient space is allocated for data storage in stack memory. The setDiagnosisCfg function likely accepts parameters through HTTP requests or API calls that are directly used in memory operations without proper validation of input length or content. When an attacker sends a specially crafted payload containing excessive data to this function, the program fails to properly handle the overflow condition, leading to memory corruption that can be exploited to redirect program execution flow. This type of vulnerability is particularly dangerous in network devices because it can be triggered remotely without requiring authentication or physical access to the device.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as it provides attackers with potential access to the router's underlying operating system and administrative functions. An attacker could leverage this vulnerability to execute arbitrary code on the device, potentially gaining full administrative control over the router's configuration, intercepting network traffic, or using the compromised device as a pivot point for attacking other systems within the local network. The vulnerability's remote exploitability means that attackers do not need to be physically present at the device, making it particularly concerning for enterprise environments where network infrastructure devices are often exposed to external threats.

Security professionals should consider this vulnerability in the context of the MITRE ATT&CK framework, specifically mapping it to techniques involving remote code execution and privilege escalation. The vulnerability could be classified under T1059 (Command and Scripting Interpreter), as successful exploitation would allow attackers to execute arbitrary commands on the affected device. Additionally, the attack surface for this vulnerability spans multiple ATT&CK tactics, including initial access through network-based attacks, persistence via modified router configurations, and privilege escalation to gain administrative control over network infrastructure. Organizations should prioritize immediate firmware updates from TOTOLINK to address this vulnerability, as the manufacturer has likely released patches to correct the input validation issues in the setDiagnosisCfg function. Network segmentation and monitoring for unusual traffic patterns related to router management interfaces should also be implemented as additional defensive measures while awaiting official patches.

Reservation

07/25/2022

Disclosure

08/25/2022

Moderation

accepted

CPE

ready

EPSS

0.00331

KEV

no

Activities

very low

Sources
