Skip to main content

A3002ru Firmware CVE-2024-34198

CRITICAL
Classic Buffer Overflow (CWE-120)
2024-08-28 cve@mitre.org
9.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 28, 2024 - 15:15 cve.org
CRITICAL 9.8

DescriptionCVE.org

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks.

AnalysisAI

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. Affected products include: Totolink A3002Ru Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2018-13316 CRITICAL POC
9.8 Nov 27

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands vi

CVE-2018-13314 CRITICAL POC
9.8 Nov 27

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands vi

CVE-2018-13307 CRITICAL POC
9.8 Nov 27

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via th

CVE-2018-13306 CRITICAL POC
9.8 Nov 27

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via t

CVE-2018-13315 CRITICAL POC
9.8 Nov 26

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin use

CVE-2025-6393 HIGH POC
8.8 Jun 21

CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting

CVE-2025-6163 HIGH POC
8.8 Jun 17

Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others)

CVE-2025-6148 HIGH POC
8.8 Jun 17

Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HT

CVE-2025-6337 HIGH POC
8.8 Jun 20

CVE-2025-6337 is a critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers affecting versions 3.0.

CVE-2025-6953 HIGH POC
8.8 Jul 01

A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an un

CVE-2026-26736 HIGH POC
8.8 Feb 17

Stack-based buffer overflow in TOTOLIK A3002RU firmware versions up to V3.0.0-B20220304.1804 allows authenticated attack

CVE-2025-6939 HIGH POC
8.8 Jul 01

A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown f

Share

CVE-2024-34198 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy