A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
History

Tue, 10 Dec 2024 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link vn020 F3v
Tp-link vn020 F3v Firmware
CPEs cpe:2.3:h:tp-link:vn020_f3v:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:vn020_f3v_firmware:6.2.1021:*:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link vn020 F3v
Tp-link vn020 F3v Firmware

Mon, 09 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 08 Dec 2024 09:45:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
Title TP-Link VN020 F3v(T) SOAP Request WANIPConnection buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 6.1, 'vector': 'AV:A/AC:L/Au:N/C:N/I:N/A:C'}

cvssV3_0

{'score': 6.5, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-08T09:31:05.401Z

Updated: 2024-12-09T15:50:37.719Z

Reserved: 2024-12-07T16:30:19.395Z

Link: CVE-2024-12343

cve-icon Vulnrichment

Updated: 2024-12-09T15:50:32.483Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-08T10:15:04.637

Modified: 2024-12-10T23:26:52.047

Link: CVE-2024-12343

cve-icon Redhat

No data.