CVE-2024-1021
Published: 2024-01-29
Priority: P1 (87) · critical · CVSS 3.1 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploited in the wild (ITW exploit; VulnCheck KEV)
EPSS: 34.96% (98.2th percentile)
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gitlab | gitlab | — | — |
| gitlab | gitlab_ce | — | — |
| msrc | azl3_mozjs_102.15.1-1_on_azure_linux_3.0 | — | — |
| msrc | microsoft_edge | — | — |
| msrc | microsoft_edge_extended_stable | — | — |
| msrc | microsoft_edge_for_android | — | — |
| plone | plone | >= 0 < 6.0.7 | 6.0.7 |
| ruifang-tech | rebuild | <= 3.5.5 | — |
| zenml | zenml | >= 0 < 0.56.3 | 0.56.3 |
Detection & IOCs (extracted from sources)

sigma

```yaml
- 'contains(body_1, " Interactsh Server ")'
- '!contains(body_1, " Interactsh Server ")'
- 'status_code_2 == 200'
condition: and
```

- The vulnerability targets the `readRawText` function in Rebuild's HTTP Request Handler via manipulation of the `url` argument, enabling Server-Side Request Forgery (SSRF). Monitor outbound HTTP requests originating from the Rebuild application server to internal or unexpected external hosts.
- The exploit uses an out-of-band interaction technique (Interactsh) to confirm SSRF. Detect by monitoring for Rebuild server-initiated DNS/HTTP callbacks to Interactsh infrastructure or similar OOB services.
- The exploit has been publicly disclosed and may be actively used against Rebuild versions up to and including 3.5.5. Prioritize detection on instances running these versions.
- Affected versions are Rebuild up to 3.5.5; the SSRF is triggered remotely with no authentication requirement mentioned, broadening the attack surface.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vulncheck | — | 6.3 | MEDIUM | — |
| vendor_redhat | — | 8.8 | HIGH | — |
| vendor_msrc | — | 6.1 | MEDIUM | — |
GHSA · ghsa · 2024-06-06
CVE-2024-2383 [MEDIUM] CWE-1021: Clickjacking in zenml
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
GHSA · ghsa_unreviewed · 2024-01-30
CVE-2024-1021 [MEDIUM] CWE-918: GHSA-jr2v-748r-frvv: A vulnerability, which was classified as critical, has been found in Rebuild up to 3
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.
GHSA · ghsa · 2024-01-18
CVE-2024-0669 [HIGH] CWE-1021: Cross-Frame Scripting vulnerability has been found on Plone CMS
A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.
VulnCheck · vulncheck · 2024 · CVSS 6.3
CVE-2024-1021 [MEDIUM]: ruifang-tech rebuild Server-Side Request Forgery (SSRF)
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.
Affected: ruifang-tech rebuild
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-04-04&host_type=src&vulnerabil
GitLab · vendor_gitlab · 2024-11-14 · CVSS 6.8
CVE-2024-7404 [MEDIUM] CWE-1021
CVE-2024-7404: An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.
Red Hat · vendor_redhat · 2024-10-01 · CVSS 6.1
CVE-2024-9397 [MEDIUM] CWE-1021: firefox: thunderbird: Potential directory upload bypass via clickjacking
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 10) - Affected
Package: thunderbird (Red Hat Enterprise L
Red Hat · vendor_redhat · 2024-08-21 · CVSS 5.5
CVE-2024-43875 [MEDIUM] CWE-476: kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Clean up error handling in vpci_scan_bus()
Smatch complains about inconsistent NULL checking in vpci_scan_bus():
drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)
Instead of printing an error message and then crashing we should return
an error code and clean up.
Also the NULL check is reversed so it prints an error for success
instead of failure.
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat En
GitLab · vendor_gitlab · 2024-07-09 · CVSS 6.8
CVE-2024-2177 [MEDIUM] CWE-1021
CVE-2024-2177: A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.
Microsoft · vendor_msrc · 2024-04-09 · CVSS 4.3
CVE-2024-29981 [MEDIUM] CWE-1021: Microsoft Edge (Chromium-based) Spoofing Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could cover and spoof elements of the UI. The modified information is only visual.
FAQ:

| Microsoft Edge Channel | Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|---|
| Stable | 123.0.2420.81 | 4/4/2024 | 123.0.6312.105/.106/.107 |
| Extended Stable | 122.0.2365.120 | 4/4/2024 | 122.0.6261.156 |
FAQ: How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vu
Red Hat · vendor_redhat · 2024-02-20 · CVSS 6.1
CVE-2024-1549 [MEDIUM] CWE-1021: Mozilla: Custom cursor could obscure the permission dialog
If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
The Mozilla Foundation Security Advisory describes this flaw as:
If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package:
Red Hat · vendor_redhat · 2024-02-20 · CVSS 6.1
CVE-2024-1550 [MEDIUM] CWE-1021: Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
The Mozilla Foundation Security Advisory describes this flaw as:
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
Statemen
Microsoft · vendor_msrc · 2024-02-13 · CVSS 6.1
CVE-2024-1550 [MEDIUM] CWE-1021: A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries of which the distro is composed. Microsoft is committed to transparency in this work, which is why we began publishing CSAF/VEX in October 2025. See this
Red Hat · vendor_redhat · 2024-01-23 · CVSS 8.8
CVE-2024-0750 [HIGH] CWE-1021: Mozilla: Potential permissions request bypass via clickjacking
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
The Mozilla Foundation Security Advisory describes this flaw as:
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Red Hat · vendor_redhat · 2024-01-23 · CVSS 4.3
CVE-2024-0742 [MEDIUM] CWE-1021: Mozilla: Failure to update user input timestamp
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
The Mozilla Foundation Security Advisory describes this flaw as:
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Ente
Red Hat · vendor_redhat · 2024-01-23 · CVSS 6.5
CVE-2024-0747 [MEDIUM] CWE-1021: Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
The Mozilla Foundation Security Advisory describes this flaw as:
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Lin
Red Hat · vendor_redhat · 2024-01-23 · CVSS 4.3
CVE-2024-0749 [MEDIUM] CWE-1021: Mozilla: Phishing site popup could show local origin in address bar
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.
The Mozilla Foundation Security Advisory describes this flaw as:
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Suricata · suricata · 2010-09-23
CVE-2001-0826: GPL FTP DELE overflow attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP DELE overflow attempt"; flow:established,to_server; content:"DELE"; nocase; isdataat:100,relative; pcre:"/^DELE\s[^\n]{100}/smi"; reference:bugtraq,2972; reference:cve,2001-0826; reference:cve,2001-1021; classtype:attempted-admin; sid:2101975; rev:10; metadata:created_at 2010_09_23, cve CVE_2001_0826, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata · suricata · 2010-09-23
CVE-2001-1021: GPL FTP MDTM overflow attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP MDTM overflow attempt"; flow:established,to_server; content:"MDTM"; nocase; isdataat:100,relative; pcre:"/^MDTM\s[^\n]{100}/smi"; reference:bugtraq,9751; reference:cve,2001-1021; reference:cve,2004-0330; reference:nessus,12080; classtype:attempted-admin; sid:2102546; rev:8; metadata:created_at 2010_09_23, cve CVE_2001_1021, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata · suricata · 2010-09-23
CVE-2001-0325: GPL FTP STAT overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"GPL FTP STAT overflow attempt"; flow:established,to_server; content:"STAT"; nocase; isdataat:100,relative; pcre:"/^STAT\s[^\n]{100}/smi"; reference:bugtraq,3507; reference:bugtraq,8542; reference:cve,2001-0325; reference:cve,2001-1021; reference:url,labs.defcom.com/adv/2001/def-2001-31.txt; classtype:attempted-admin; sid:2101379; rev:14; metadata:created_at 2010_09_23, cve CVE_2001_0325, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata · suricata · 2010-09-23
CVE-2000-0133: GPL FTP RMD overflow attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP RMD overflow attempt"; flow:established,to_server; content:"RMD"; nocase; isdataat:100,relative; pcre:"/^RMD\s[^\n]{100}/smi"; reference:bugtraq,2972; reference:cve,2000-0133; reference:cve,2001-0826; reference:cve,2001-1021; classtype:attempted-admin; sid:2101976; rev:11; metadata:created_at 2010_09_23, cve CVE_2000_0133, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata · suricata · 2010-09-23
CVE-2000-0133: GPL FTP RNTO overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"GPL FTP RNTO overflow attempt"; flow:established,to_server; content:"RNTO"; nocase; isdataat:100,relative; pcre:"/^RNTO\s[^\n]{100}/smi"; reference:bugtraq,8315; reference:cve,2000-0133; reference:cve,2001-1021; reference:cve,2003-0466; classtype:attempted-admin; sid:2102389; rev:9; metadata:created_at 2010_09_23, cve CVE_2000_0133, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata · suricata · 2010-09-23
CVE-2000-0133: GPL FTP XMKD overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"GPL FTP XMKD overflow attempt"; flow:established,to_server; content:"XMKD"; nocase; isdataat:100,relative; pcre:"/^XMKD\s[^\n]{100}/smi"; reference:bugtraq,7909; reference:cve,2000-0133; reference:cve,2001-1021; classtype:attempted-admin; sid:2102373; rev:6; metadata:created_at 2010_09_23, cve CVE_2000_0133, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata · suricata · 2010-09-23
CVE-2001-1021: GPL FTP invalid MDTM command attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP invalid MDTM command attempt"; flow:established,to_server; content:"MDTM"; fast_pattern; nocase; pcre:"/^MDTM \d+[-+]\D/smi"; reference:bugtraq,9751; reference:cve,2001-1021; reference:cve,2004-0330; classtype:attempted-admin; sid:2102416; rev:9; metadata:created_at 2010_09_23, cve CVE_2001_1021, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Exploit-DB · exploitdb · 2025-05-13 · CVSS 8.7
CVE-2024-11237 [HIGH]: TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow

---
/*
* Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
* Date: 10/20/2024
* Exploit Author: Mohamed Maatallah
* Vendor Homepage: https://www.tp-link.com
* Version: TT_V6.2.1021 (VN020-F3v(T))
* Tested on: VN020-F3v(T) Router (Hardware Version 1.0)
* CVE: CVE-2024-11237
* Category: Remote
* Technical Details:
* -----------------
* - Triggers multiple memory corruption vectors in DHCP parsing
* - Primary vector: Stack overflow via oversized hostname (127 bytes)
* - Secondary vector: Parser confusion via malformed length fields
* - Tertiary vector: Vendor specific option parsing edge case
*
* Attack Surface:
* --------------
* - DHCP service running on port 67
* - Processes broadcast DISCOVER p
Exploit-DB · exploitdb · 2025-04-17 · CVSS 5.3
CVE-2024-12344 [MEDIUM]: TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption

---
* Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption
* Date: 11/24/2024
* Exploit Author: Mohamed Maatallah
* Vendor Homepage: https://www.tp-link.com
* Version: TT_V6.2.1021 (VN020-F3v(T))
* Tested on: VN020-F3v(T) Router (Hardware Version 1.0)
* CVE: CVE-2024-12344
* Category: Remote
* Description:
* A critical buffer overflow and memory corruption vulnerability was discovered in TP-Link VN020-F3v(T) router's FTP server implementation. The vulnerability stems from improper input validation of the USER command, allowing unauthenticated attackers to trigger various failure modes through payload size manipulation:
* 1. 1100 bytes - Delayed crash (5-10 seconds)
* 2. 1450 bytes - Im
Exploit-DB · exploitdb · 2025-04-17 · CVSS 7.1
CVE-2024-12342 [HIGH]: TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

---
# Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)
# Date: 10/22/2024
# Exploit Author: Mohamed Maatallah
# Vendor Homepage: https://www.tp-link.com
# Version: TT_V6.2.1021 (VN020-F3v(T))
# Tested on: VN020-F3v(T) Router (Hardware Version 1.0)
# CVE: CVE-2024-12342
Description:
Two critical vulnerabilities discovered in TP-Link VN020-F3v(T) router's UPnP implementation, affecting the WANIPConnection service. The vulnerabilities allow unauthenticated attackers to cause denial of service and potential memory corruption through malformed SOAP requests.
Proof of Concept 1 (Missing Parameters DoS):
curl -v -X POST "http://192.168.1.1:5431/control/WANIPConnection" \
-H "Content-Type: text/xml" \
-H "S
Nuclei · nuclei · CVSS 9.8
CVE-2024-1021 [CRITICAL]: Rebuild <= 3.5.5 - Server-Side Request Forgery

```yaml
- 'contains(body_1, " Interactsh Server ")'
- '!contains(body_1, " Interactsh Server ")'
- 'status_code_2 == 200'
condition: and
# digest: 4a0a004730450221009fa0a428cdba812826cde01e9adaba153045f2918698693aed5499a08e4979c102207ff4200f18f4a891d10b1d6166cdb10b756548bbe3eb9afbcb3410685ea36d2f:922c64590222798bb761d5b6d8e72950
```