How severe is CVE-2024-34196?

CVE-2024-34196 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-34196

Name: a3002ru-v3
Author: totolink

8.8HIGH

Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx"

发布于: 5/14/2024更新于: 6/18/2025

描述

Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks.

AI分析AI驱动

受影响产品

totolinka3002ru-v3_firmware

3.0.0-b20230809.1615

totolinka3002ru-v3

参考资料

https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1
ExploitThird Party Advisory
https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1
ExploitThird Party Advisory