Buffer Overflow Vulnerability in TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011
CVE-2024-34198

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: A3002ru Firmware
Vendor: CVE Published:; 28 August 2024

What is CVE-2024-34198?

The TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 contains a buffer overflow vulnerability in its WlEncrypt CGI handler. This flaw occurs due to insufficient validation of input length for the wlan_ssid field, allowing malicious users to send crafted HTTP requests with excessively long values. Such actions can cause a stack overflow, which may enable attackers to execute arbitrary commands on the device or conduct denial-of-service attacks, compromising network integrity and availability.

References

https://gist.github.com/Swind1er/02f6cb414e440c34878f20fe...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2024
Vulnerability Reserved
May 2, 2024

CVE-2024-34198 Data

JSON