CVE-2024-42546

TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*

History

13 Aug 2024, 17:08

Type Values Removed Values Added
First Time Totolink
Totolink a3100r Firmware
Totolink a3100r
CPE cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-120
References () https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3100R/loginauth_password.md - () https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3100R/loginauth_password.md - Exploit, Third Party Advisory

13 Aug 2024, 12:58

Type Values Removed Values Added
Summary
  • (es) TOTOLINK A3100R V4.1.2cu.5050_B20200504 tiene una vulnerabilidad de desbordamiento del búfer en el parámetro de contraseña en la función loginauth.

12 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 19:15

Updated : 2024-08-15 16:35


NVD link : CVE-2024-42546

Mitre link : CVE-2024-42546

CVE.ORG link : CVE-2024-42546


JSON object : View

Products Affected

totolink

  • a3100r
  • a3100r_firmware
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')