CVE-2024-33820: Classic Buffer Overflow in A3002r Firmware

Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 63.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 1

Description

Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, the length of the wlan_ssid field triggers the overflow.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (1 package)

NVD: totolink/a3002r_firmware 4.0.0-b20230531.1404

Vulnerability Details (2)

GHSA: GHSA-pccf-f85g-p7gq: Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4 (2024-05-01)
CVEList: CVE-2024-33820: Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4 (2024-05-01)