SecuriTricks - CVE-2024-11237

Description

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Product(s) Impacted

Vendor	Product	Versions
Tp-link	Vn020-f3v\(t\) Firmware Vn020-f3v\(t\)	tt_v6.2.1021 -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	tp-link	vn020-f3v\(t\)_firmware	tt_v6.2.1021	/	/	/	/	/	/	/
h	tp-link	vn020-f3v\(t\)	-	/	/	/	/	/	/	/

References

https://github.com/Zephkek/TP-Thumper

https://github.com/Zephkek/TP-Thumper/blob/main/poc.c

https://vuldb.com/?ctiid.284672

https://vuldb.com/?id.284672

https://vuldb.com/?submit.438408

https://www.tp-link.com/

CVSS Score

7.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

View Vector String

Timeline

Published: Nov. 15, 2024, 12:15 p.m.
Last Modified: Nov. 19, 2024, 7:04 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

CVE-2024-11237