CRITICAL🇵🇱 Wersja polska

CVE-2024-42543

CVSS 9.8v3.1pub. 2024-08-12upd. 2024-08-13

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation of input data length in the http_host parameter during request processing by the loginauth function. An attacker can supply an excessively long string that exceeds the boundaries of the allocated buffer in memory (CWE-120 — classic buffer overflow). Buffer overflow can lead to overwriting adjacent memory areas and hijacking control of the program's execution flow.

Impact

An unauthenticated remote attacker can gain full control of the device, potentially executing arbitrary code (RCE) with the privileges of the login handling process. This can result in complete compromise of the device's confidentiality, integrity, and availability.

Mitigation & patch

Security patches available from the manufacturer should be applied according to the references. Until an update is applied, it is recommended to restrict access to the device's management panel exclusively to trusted networks or IP addresses, and to disable remote access to the administrative interface.

Who is affected

TOTOLINK A3700R with firmware version v9.1.2u.5822_B20200513

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink A3700r

    HW
    Totolink
    wszystkie wersje
  • Totolink A3700r Firmware

    OS
    Totolink
    9.1.2u.5822_b20200513
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-42545CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w parametrze ssid funkcji setWizardCfg — TOTOLINK A3700R

CVE-2024-37637CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWizardCfg (ssid5g)

CVE-2024-37632CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — podatność w funkcji loginAuth

CVE-2024-37635CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWiFiBasicCfg (ssid)

CVE-2024-37634CRITICAL9.8PL ✓ten sam produkt

Stack overflow w TOTOLINK A3700R — funkcja setWiFiEasyCfg (parametr ssid)