Stack Buffer Overflow Vulnerability in TOTOLINK CP450
CVE-2024-34217

7.7HIGH

Key Information:

Vendor: TOTOLINK
Status: Cp450 Firmware
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-34217?

The TOTOLINK CP450, version 4.1.0cu.747_B20191224, is susceptible to a stack buffer overflow vulnerability within the addWlProfileClientMode function. This weakness allows an attacker to manipulate the stack, potentially leading to unauthorized access or execution of arbitrary code. It is crucial for users of this device to assess their security posture and apply any available patches or mitigations to defend against potential exploitation.

References

https://github.com/n0wstr/IOTVuln/tree/main/CP450/addWlPr...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024