CVE-2024-34195

TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
References
Link Resource
https://gist.github.com/Swind1er/84161b607d06d060fba5adcdd92bceb4 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:a3002r_firmware:1.1.1-b20200824:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a3002r:-:*:*:*:*:*:*:*

History

30 Aug 2024, 15:59

Type Values Removed Values Added
CPE cpe:2.3:h:totolink:a3002r:-:*:*:*:*:*:*:*
cpe:2.3:o:totolink:a3002r_firmware:1.1.1-b20200824:*:*:*:*:*:*:*
First Time Totolink
Totolink a3002r
Totolink a3002r Firmware
CWE CWE-787
References () https://gist.github.com/Swind1er/84161b607d06d060fba5adcdd92bceb4 - () https://gist.github.com/Swind1er/84161b607d06d060fba5adcdd92bceb4 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 9.8

29 Aug 2024, 13:25

Type Values Removed Values Added
Summary
  • (es) El firmware V1.1.1-B20200824 del enrutador inalámbrico TOTOLINK AC1200 A3002R es vulnerable a un desbordamiento de búfer. En la función de manejo de CGI formWlEncrypt del programa del servidor boa, no hay ninguna restricción de longitud en el campo wlan_ssid. Este descuido conduce a un posible desbordamiento de búfer en circunstancias específicas. Por ejemplo, al invocar la función formWlanRedirect con parámetros específicos para alterar el valor de wlan_idx y, posteriormente, invocar la función formWlEncrypt, un atacante puede provocar un desbordamiento de búfer, lo que permite la ejecución arbitraria de comandos o ataques de denegación de servicio.

28 Aug 2024, 20:35

Type Values Removed Values Added
CWE CWE-121
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

28 Aug 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-28 20:15

Updated : 2024-08-30 15:59


NVD link : CVE-2024-34195

Mitre link : CVE-2024-34195

CVE.ORG link : CVE-2024-34195


JSON object : View

Products Affected

totolink

  • a3002r
  • a3002r_firmware
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow