CRITICAL🇵🇱 Wersja polska

CVE-2024-37634

CVSS 9.8v3.1pub. 2024-06-13upd. 2025-04-03

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.

🤖 AI Analysis
How it works

The vulnerability (CWE-121) is a stack-based buffer overflow caused by passing an excessively long value of the ssid parameter to the setWiFiEasyCfg function. Lack of proper validation of input data length causes overwriting of stack memory areas, enabling the attacker to execute arbitrary code. The attack can be performed remotely, without authentication and without user interaction.

Impact

An attacker can remotely execute arbitrary code (RCE) on the vulnerable router, leading to complete device takeover — loss of confidentiality, integrity, and system availability.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Until the update is applied, it is recommended to restrict access to the device management interface to trusted networks only and disable remote management over the Internet.

Who is affected

TOTOLINK A3700R with firmware version V9.1.2u.6165_20211012

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink A3700r

    HW
    Totolink
    wszystkie wersje
  • Totolink A3700r Firmware

    OS
    Totolink
    9.1.2u.6165_20211012
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-42543CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w TOTOLINK A3700R — parametr http_host w funkcji loginauth

CVE-2024-42545CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w parametrze ssid funkcji setWizardCfg — TOTOLINK A3700R

CVE-2024-37637CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWizardCfg (ssid5g)

CVE-2024-37632CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — podatność w funkcji loginAuth

CVE-2024-37635CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWiFiBasicCfg (ssid)