CVE-2024-33820

Published: May 1, 2024Modified: Jun 17, 2025

7.5

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow.

Affected (1)

Products: Totolink: A3002r Firmware

1 product

A3002r Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3002r Firmware	Version 4.0.0-b20230531.1404

Running on/with	Platform Versions
Totolink A3002r	Version v4

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://gist.github.com/Swind1er/ee095fbfe13f77a5b45b39a5aa82bd17

Source: cve@mitre.org

ExploitThird Party Advisory

https://gist.github.com/Swind1er/ee095fbfe13f77a5b45b39a5aa82bd17

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.