CVE-2024-34196

May 14, 2024, 4:12 p.m.

Tags

cve@mitre.org
2024-05-14
CVE-2024-34196

Product(s) Impacted

Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3

  • V3.0.0-B20230809.1615

Description

Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks.

Weaknesses

Date

Published: May 14, 2024, 3:38 p.m.

Last Modified: May 14, 2024, 4:12 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References

https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1
cve@mitre.org