CVE-2024-34196

Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1

Configurations

No configuration.

History

01 Aug 2024, 13:52

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CWE		CWE-120
Summary		(es) Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 es vulnerable al desbordamiento del búfer. El programa "boa" permite a los atacantes modificar el valor del campo "vwlan_idx" mediante "formMultiAP". Esto puede provocar un desbordamiento de la pila a través de la función CGI "formWlEncrypt" al construir solicitudes HTTP maliciosas y pasar un valor SSID de WLAN que excede la longitud esperada, lo que podría resultar en la ejecución de comandos o ataques de denegación de servicio.

14 May 2024, 15:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 15:38

Updated : 2024-08-01 13:52

NVD link : CVE-2024-34196

Mitre link : CVE-2024-34196

CVE.ORG link : CVE-2024-34196

JSON object : View

Products Affected

No product.

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

8.8 /10