CVE-2024-34196

Published: May 14, 2024Modified: Jun 18, 2025

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks.

Affected (1)

Products: Totolink: A3002ru V3 Firmware

1 product

A3002ru V3 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3002ru V3 Firmware	Version 3.0.0-b20230809.1615

Running on/with	Platform Versions
Totolink A3002ru V3	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1

Source: cve@mitre.org

ExploitThird Party Advisory

https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.