Skip to main content

Cp450 Firmware CVE-2024-34200

HIGH
Out-of-bounds Read (CWE-125)
2024-05-14 cve@mitre.org
8.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 14, 2024 - 15:38 cve.org
HIGH 8.8

DescriptionCVE.org

TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.

AnalysisAI

TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. Affected products include: Totolink Cp450 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2024-34213 CRITICAL POC
9.8 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForw

CVE-2024-34209 CRITICAL POC
9.8 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFi

CVE-2024-34204 CRITICAL POC
9.8 May 14

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the set

CVE-2024-7332 CRITICAL POC
9.3 Aug 01

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Rated critical severity (CVSS 9.3), this vulnerabilit

CVE-2024-34211 HIGH POC
8.8 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample

CVE-2024-34207 HIGH POC
8.8 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDh

CVE-2024-7465 HIGH POC
8.7 Aug 05

A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Rated high severit

CVE-2024-34219 HIGH POC
8.6 May 14

TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allo

CVE-2024-34217 HIGH POC
7.7 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfil

CVE-2024-34215 HIGH POC
7.3 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilte

CVE-2024-34212 HIGH POC
7.3 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunu

CVE-2024-34210 HIGH POC
7.3 May 14

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the Clo

Share

CVE-2024-34200 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy