Buffer Overflow Vulnerability in TOTOLINK A3002R v4.0.0-B20230531.1404
CVE-2024-42520

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: A3002r Firmware
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-42520?

The TOTOLINK A3002R, specifically version 4.0.0-B20230531.1404, has been identified to have a buffer overflow vulnerability in the /bin/boa module through the formParentControl function. This vulnerability presents potential risks to the integrity of the device, allowing unauthorized access and exploitation avenues for attackers. Security measures must be taken to mitigate the risks associated with this vulnerability.

References

https://github.com/c10uds/totolink_A3002R_stackoverflow

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Aug 5, 2024