CVE-2024-11237 — HIGH (7.5)

Vulnerability Description

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tp-Link	Vn020-F3V\(T\) Firmware	tt_v6.2.1021
Tp-Link	Vn020-F3V\(T\)	-

Related Weaknesses (CWE)

CWE-121 CWE-119 CWE-787

References

https://github.com/Zephkek/TP-ThumperExploitThird Party Advisory
https://github.com/Zephkek/TP-Thumper/blob/main/poc.cExploit
https://vuldb.com/?ctiid.284672Permissions RequiredVDB Entry
https://vuldb.com/?id.284672Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.438408Third Party AdvisoryVDB Entry
https://www.tp-link.com/Product

FAQ

What is CVE-2024-11237?

CVE-2024-11237 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parse...

How severe is CVE-2024-11237?

CVE-2024-11237 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-11237?

Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Vn020-F3V\(T\) Firmware, Tp-Link Vn020-F3V\(T\).