ID

VAR-202211-1532


CVE

CVE-2022-44257


TITLE

Out-of-bounds write vulnerability in TOTOLINK lr350 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-021443

DESCRIPTION

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via the pppoeUser parameter in the setOpModeCfg function. An out-of-bounds write vulnerability exists in the TOTOLINK lr350 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR350 is a 4G LTE router released by China's TOTOLINK Electronics. It converts 4G signals into wired signals and is suitable for home and office use. An attacker could exploit this vulnerability to cause remote code execution.

Trust: 2.16

sources: NVD: CVE-2022-44257 // JVNDB: JVNDB-2022-021443 // CNVD: CNVD-2025-21014

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-21014

AFFECTED PRODUCTS

vendor: totolink, model: lr350, scope: eq, version: 9.3.5u.6369_b20220309

Trust: 1.0

vendor: totolink, model: lr350, scope: -, version: -

Trust: 0.8

vendor: totolink, model: lr350, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: lr350, scope: eq, version: lr350 firmware 9.3.5u.6369 b20220309

Trust: 0.8

vendor: totolink, model: lr350 v9.3.5u.6369 b20220309, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-21014 // JVNDB: JVNDB-2022-021443 // NVD: CVE-2022-44257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-44257
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-44257
value: HIGH

Trust: 1.0

NVD: CVE-2022-44257
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-21014
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-3407
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-21014
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-44257
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-44257
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-21014 // CNNVD: CNNVD-202211-3407 // JVNDB: JVNDB-2022-021443 // NVD: CVE-2022-44257 // NVD: CVE-2022-44257

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-021443 // NVD: CVE-2022-44257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3407

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202211-3407

EXTERNAL IDS

db: NVD, id: CVE-2022-44257

Trust: 3.8

db: JVNDB, id: JVNDB-2022-021443

Trust: 0.8

db: CNVD, id: CNVD-2025-21014

Trust: 0.6

db: CNNVD, id: CNNVD-202211-3407

Trust: 0.6

sources: CNVD: CNVD-2025-21014 // CNNVD: CNNVD-202211-3407 // JVNDB: JVNDB-2022-021443 // NVD: CVE-2022-44257

REFERENCES

url:https://brief-nymphea-813.notion.site/lr350-bof-setopmodecfg-9dc3504e403f445b85d5db09176ac406

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-44257

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-44257/

Trust: 0.6

sources: CNVD: CNVD-2025-21014 // CNNVD: CNNVD-202211-3407 // JVNDB: JVNDB-2022-021443 // NVD: CVE-2022-44257

SOURCES

db: CNVD, id: CNVD-2025-21014
db: CNNVD, id: CNNVD-202211-3407
db: JVNDB, id: JVNDB-2022-021443
db: NVD, id: CVE-2022-44257

LAST UPDATE DATE

2025-09-13T23:32:12.875000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-21014, date: 2025-09-11T00:00:00
db: CNNVD, id: CNNVD-202211-3407, date: 2022-11-28T00:00:00
db: JVNDB, id: JVNDB-2022-021443, date: 2023-11-10T08:16:00
db: NVD, id: CVE-2022-44257, date: 2025-04-25T20:15:33.730

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-21014, date: 2025-09-10T00:00:00
db: CNNVD, id: CNNVD-202211-3407, date: 2022-11-23T00:00:00
db: JVNDB, id: JVNDB-2022-021443, date: 2023-11-10T00:00:00
db: NVD, id: CVE-2022-44257, date: 2022-11-23T16:15:10.867