Stack Buffer Overflow Vulnerability in TOTOLINK CP450
CVE-2024-34209

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: Cp450 Firmware
Vendor: CVE Published:; 14 May 2024

Summary

A stack buffer overflow vulnerability exists in the setIpPortFilterRules function of TOTOLINK CP450 version v4.1.0cu.747_B20191224. This vulnerability may be exploited to overwrite adjacent memory, potentially allowing attackers to execute arbitrary code or cause a denial of service. The issue arises from inadequate validation of input parameters, emphasizing the importance of securing IoT devices against such risks.

References

https://github.com/n0wstr/IOTVuln/tree/main/CP450/setIpPo...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024