CVE-2024-46424

Published: Sep 16, 2024Modified: Sep 17, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter.

Affected (1)

Products: Totolink: T8 Firmware

Totolink

1 product

T8 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink T8 Firmware	Version 4.1.5cu.861_b20230220

Running on/with	Platform Versions
Totolink T8	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/UploadCustomModule.md

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.