CVE-2022-29377 – This vulnerability is a stack buffer overflow i... (How to Fix)

Q: What is the severity of CVE-2022-29377?

CVE-2022-29377 has a CVSS score of 7.5 (HIGH). This vulnerability is a stack buffer overflow in the Totolink A3600R router's infostat.cgi component, triggered via the CONTENT_LENGTH parameter. Attackers can exploit this to cause a Denial of Service (DoS) by crashing the device. Only Totolink A3600R routers running the specific vulnerable firmware version are affected.

📋 TL;DR

This vulnerability is a stack buffer overflow in the Totolink A3600R router's infostat.cgi component, triggered via the CONTENT_LENGTH parameter. Attackers can exploit this to cause a Denial of Service (DoS) by crashing the device. Only Totolink A3600R routers running the specific vulnerable firmware version are affected.

💻 Affected Systems

Products:

Totolink A3600R

Versions: V4.1.2cu.5182_B20201102

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific firmware version mentioned; web interface must be accessible to exploit.

📦 What is this software?

A3600r Firmware by Totolink

View all CVEs affecting A3600r Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical reboot, potentially leading to extended network downtime and service disruption.

🟠

Likely Case

Temporary DoS causing router reboot and brief network interruption for connected devices.

🟢

If Mitigated

Minimal impact if device is behind firewall with restricted web interface access.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit requires sending crafted HTTP request to infostat.cgi endpoint; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

No official patch available. Check Totolink website for firmware updates and upgrade to latest version if available.

🔧 Temporary Workarounds

Disable Web Interface Access

linux

Block external access to router's web administration interface

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Network Segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

Implement strict firewall rules to block all external access to router web interface ports (80, 443, 8080)
Monitor router logs for unusual HTTP requests to infostat.cgi and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check firmware version via router web interface at System Status > Firmware Version

Check Version:

curl -s http://router-ip/status.cgi | grep Firmware

Verify Fix Applied:

Verify firmware version is different from V4.1.2cu.5182_B20201102

📡 Detection & Monitoring

Log Indicators:

Multiple HTTP POST requests to /infostat.cgi with abnormal CONTENT_LENGTH values
Router crash/reboot logs

Network Indicators:

HTTP traffic to router IP on port 80/443 with POST to infostat.cgi and large CONTENT_LENGTH

SIEM Query:

source="router_logs" AND uri="/infostat.cgi" AND method="POST" AND content_length>10000

📊 Metadata

CVE ID: CVE-2022-29377

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: May 24, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/molezsbd/iot-cve/tree/master/totolink/a3600r Exploit,Third Party Advisory
https://github.com/molezsbd/iot-cve/tree/master/totolink/a3600r Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-29377, you might also want to check these: