CRITICAL🇵🇱 Wersja polska

CVE-2024-37632

CVSS 9.8v3.1pub. 2024-06-13upd. 2025-03-13

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .

🤖 AI Analysis
How it works

The vulnerability results from lack of proper validation of input data length (CWE-120, CWE-121 — stack buffer overflow). An attacker can send a specially crafted login request to the network device, where the 'password' parameter exceeds the acceptable size of the stack buffer. Stack overflow can enable overwriting of the function return address or other critical data on the stack, leading to arbitrary code execution.

Impact

An attacker without any credentials can remotely execute arbitrary code on the vulnerable device (RCE), which in practice means complete takeover of the router, ability to intercept network traffic, reconfigure the device, or use it as an entry point to the local network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until the fix is deployed, it is recommended to restrict access to the device management interface only to trusted IP addresses and disable remote access (WAN) to the administrative panel.

Who is affected

TOTOLINK A3700R with firmware software version V9.1.2u.6165_20211012

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink A3700r

    HW
    Totolink
    wszystkie wersje
  • Totolink A3700r Firmware

    OS
    Totolink
    9.1.2u.6165_20211012
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-42543CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w TOTOLINK A3700R — parametr http_host w funkcji loginauth

CVE-2024-42545CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w parametrze ssid funkcji setWizardCfg — TOTOLINK A3700R

CVE-2024-37637CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWizardCfg (ssid5g)

CVE-2024-37634CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWiFiEasyCfg (parametr ssid)

CVE-2024-37635CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWiFiBasicCfg (ssid)