Stack Buffer Overflow in TOTOLINK CPE Products
CVE-2024-34200

8.8HIGH

Key Information:

Vendor: TOTOLINK
Status: Cp450 Firmware
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-34200?

The TOTOLINK CPE CP450 devices are susceptible to a stack buffer overflow vulnerability present in the setIpQosRules function. This flaw can arise when improper validation for input is implemented, allowing an attacker to manipulate memory, potentially leading to unauthorized access or denial of service. Users of affected versions should prioritize updates to mitigate risks associated with this vulnerability, ensuring the integrity and security of their network devices.

References

https://github.com/n0wstr/IOTVuln/tree/main/CP450/setIpQo...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024