Denial of Service Vulnerability in TP-Link VN020 F3v(T) Devices
CVE-2024-12342

6.5MEDIUM

Key Information:

Vendor: Tp-link
Status: Vn020 F3v(t)
Vendor: CVE Published:; 8 December 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-12342?

A critical vulnerability has been identified in the TP-Link VN020 F3v(T) devices, specifically in the Incomplete SOAP Request Handler of the /control/WANIPConnection file. This vulnerability can lead to a denial of service (DoS) condition, disrupting the normal operation of the affected devices. The issue can only be exploited from within the local network, thus posing a threat primarily to internal users. The details of this vulnerability have been publicly disclosed, and users are advised to take protective measures to mitigate potential exploitation.

Affected Version(s)

VN020 F3v(T) TT_V6.2.1021

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

TPLink-VN020-DoS
Created by becrevex

References

https://vuldb.com/?id.287261

vdb-entry

https://vuldb.com/?ctiid.287261

signaturepermissions-required

https://github.com/Zephkek/TP-WANPunch/blob/main/README.md

exploit

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 8, 2024
👾
Exploit known to exist
Dec 8, 2024
Vulnerability published
Dec 8, 2024
Vulnerability Reserved
Dec 7, 2024

Tp-link

Badges

What is CVE-2024-12342?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline