Denial of Service Vulnerability in TP-Link VN020 F3v(T) Devices
CVE-2024-12342

6.5MEDIUM

Key Information:

Vendor
Tp-link
Status
Vn020 F3v(t)
Vendor
CVE Published:
8 December 2024

Badges

πŸ‘Ύ Exploit Exists

Summary

A critical vulnerability has been identified in the TP-Link VN020 F3v(T) devices, specifically in the Incomplete SOAP Request Handler of the /control/WANIPConnection file. This vulnerability can lead to a denial of service (DoS) condition, disrupting the normal operation of the affected devices. The issue can only be exploited from within the local network, thus posing a threat primarily to internal users. The details of this vulnerability have been publicly disclosed, and users are advised to take protective measures to mitigate potential exploitation.

Affected Version(s)

VN020 F3v(T) TT_V6.2.1021

References

https://vuldb.com/?id.287261
vdb-entry
https://vuldb.com/?ctiid.287261
signaturepermissions-required
https://github.com/Zephkek/TP-WANPunch/blob/main/README.md
exploit

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.