CVE-2024-34198 — CRITICAL (9.8)

Vulnerability Description

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Totolink	A3002Ru Firmware	2.1.1-b20230720.1011
Totolink	A3002Ru	-

Related Weaknesses (CWE)

CWE-120

References

https://gist.github.com/Swind1er/02f6cb414e440c34878f20fef756e286ExploitThird Party Advisory

FAQ

What is CVE-2024-34198?

CVE-2024-34198 is a vulnerability with a CVSS score of 9.8 (CRITICAL). TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from u...

How severe is CVE-2024-34198?

CVE-2024-34198 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-34198?

Check the references section above for vendor advisories and patch information. Affected products include: Totolink A3002Ru Firmware, Totolink A3002Ru.