CRITICAL🇵🇱 Wersja polska

CVE-2024-42545

CVSS 9.8v3.1pub. 2024-08-12upd. 2024-08-13

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation of input data length for the ssid parameter in the setWizardCfg function (CWE-120 — classic buffer overflow). An attacker can send a specially crafted request to the device containing excessive data in the ssid field, leading to buffer overflow in memory. This can result in overwriting critical memory areas and executing arbitrary code.

Impact

An attacker can remotely and without authentication gain full control over the device, including the ability to read and modify data and disrupt its operation (loss of confidentiality, integrity, and availability).

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. If an update is not available, it is recommended to restrict access to the device management interface exclusively to trusted local networks and disable remote access over the internet.

Who is affected

TOTOLINK A3700R with firmware version v9.1.2u.5822_B20200513

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink A3700r

    HW
    Totolink
    wszystkie wersje
  • Totolink A3700r Firmware

    OS
    Totolink
    9.1.2u.5822_b20200513
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-42543CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w TOTOLINK A3700R — parametr http_host w funkcji loginauth

CVE-2024-37637CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWizardCfg (ssid5g)

CVE-2024-37632CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — podatność w funkcji loginAuth

CVE-2024-37635CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWiFiBasicCfg (ssid)

CVE-2024-37634CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWiFiEasyCfg (parametr ssid)