This issue was discovered during internal testing. As a precautionary measure, we are notifying our customers and partners about this issue. We recommend updating your devices as soon as possible. If you have updated your device and encountered this issue, we recommend that you delete the totolink.bin file from your device and reboot the device for the changes to take effect.

Q &A

Q. What is the CVE-2022-37080 vulnerability?
A. CVE-2022-37080 is a vulnerability that was discovered during internal testing and that affects all totolink devices running firmware version 1.1.

• The SD card, it is located under C:\Program Files (x86)\TotalLink\SDK\bin
• The internal storage, it is located under "C:\Users\%username%\AppData\Local\VirtualStore\"
• On Windows 8 and newer operating systems, the file may be found in your system's temp directory.
The file contains firmware for the TotalLink device, which allows attackers to exploit this vulnerability. If you are running an older version of the TotalLink SDK on your device and have updated your software, we recommend deleting the totolink.bin file from your device and rebooting it to ensure that there are no left-over files on the device with this vulnerability.

If you are having problems with your Totolink GSM SIM card, this issue could be because of:
- the device does not recognize the SIM card.
- the device does not receive text messages from the SIM card.
- the SIM card has been tampered with or replaced.
- the network is not detecting a SIM card present in your device.

How to check if you're affected by the CVE-2022-37080

To check if your device is affected by this issue, please follow the instructions below:
a) On your device, open Settings --> About phone/tablet.
b) The build number will appear at the bottom of the screen and should be "M89W."
c) If your build number does not match the one shown in the list above, you are not affected by this issue.

Timeline

Published on: 08/25/2022 15:15:00 UTC
Last modified on: 08/26/2022 17:13:00 UTC

References