Vulnerabilites related to TP-Link - VN020 F3v(T)
CVE-2024-12342 (GCVE-0-2024-12342)
Vulnerability from cvelistv5
Published
2024-12-08 06:31
Modified
2024-12-09 15:51
Severity ?
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-404 - Denial of Service
Summary
A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.287261 | vdb-entry | |
| https://vuldb.com/?ctiid.287261 | signature, permissions-required | |
| https://github.com/Zephkek/TP-WANPunch/blob/main/README.md | exploit | |
| https://www.tp-link.com/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link | VN020 F3v(T) |
Version: TT_V6.2.1021 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T15:51:34.082853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T15:51:51.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Incomplete SOAP Request Handler"
],
"product": "VN020 F3v(T)",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "TT_V6.2.1021"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in TP-Link VN020 F3v(T) TT_V6.2.1021 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /control/WANIPConnection der Komponente Incomplete SOAP Request Handler. Durch das Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.1,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-08T06:31:05.109Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-287261 | TP-Link VN020 F3v(T) Incomplete SOAP Request WANIPConnection denial of service",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.287261"
},
{
"name": "VDB-287261 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.287261"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Zephkek/TP-WANPunch/blob/main/README.md"
},
{
"tags": [
"product"
],
"url": "https://www.tp-link.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-07T17:36:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "TP-Link VN020 F3v(T) Incomplete SOAP Request WANIPConnection denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12342",
"datePublished": "2024-12-08T06:31:05.109Z",
"dateReserved": "2024-12-07T16:30:15.752Z",
"dateUpdated": "2024-12-09T15:51:51.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12343 (GCVE-0-2024-12343)
Vulnerability from cvelistv5
Published
2024-12-08 09:31
Modified
2024-12-09 15:50
Severity ?
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.287262 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.287262 | signature, permissions-required | |
| https://vuldb.com/?submit.446212 | third-party-advisory | |
| https://github.com/Zephkek/TP-WANPunch/blob/main/README.md | exploit | |
| https://www.tp-link.com/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link | VN020 F3v(T) |
Version: TT_V6.2.1021 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T15:50:16.645162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T15:50:37.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SOAP Request Handler"
],
"product": "VN020 F3v(T)",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "TT_V6.2.1021"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mohamed Maatallah (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in TP-Link VN020 F3v(T) TT_V6.2.1021 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /control/WANIPConnection der Komponente SOAP Request Handler. Durch Manipulieren des Arguments NewConnectionType mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.1,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-08T09:31:05.401Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-287262 | TP-Link VN020 F3v(T) SOAP Request WANIPConnection buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.287262"
},
{
"name": "VDB-287262 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.287262"
},
{
"name": "Submit #446212 | TP-Link VN020 F3v(T) ISP Routers Hardware Version: 1.0 / Firmware Version: TT_V6.2.1021 Memory Corruption \u0026 DOS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.446212"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Zephkek/TP-WANPunch/blob/main/README.md"
},
{
"tags": [
"product"
],
"url": "https://www.tp-link.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-07T17:36:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "TP-Link VN020 F3v(T) SOAP Request WANIPConnection buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12343",
"datePublished": "2024-12-08T09:31:05.401Z",
"dateReserved": "2024-12-07T16:30:19.395Z",
"dateUpdated": "2024-12-09T15:50:37.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11237 (GCVE-0-2024-11237)
Vulnerability from cvelistv5
Published
2024-11-15 12:00
Modified
2024-11-15 20:42
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.284672 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.284672 | signature, permissions-required | |
| https://vuldb.com/?submit.438408 | third-party-advisory | |
| https://github.com/Zephkek/TP-Thumper | related | |
| https://github.com/Zephkek/TP-Thumper/blob/main/poc.c | exploit | |
| https://www.tp-link.com/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link | VN020 F3v(T) |
Version: TT_V6.2.1021 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:vn020_f3v_firmware:tt_v6.2.1021:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vn020_f3v_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "tt_v6.2.1021"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11237",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T20:29:12.783100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T20:42:20.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"DHCP DISCOVER Packet Parser"
],
"product": "VN020 F3v(T)",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "TT_V6.2.1021"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mohamed Maatallah (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in TP-Link VN020 F3v(T) TT_V6.2.1021 entdeckt. Dies betrifft einen unbekannten Teil der Komponente DHCP DISCOVER Packet Parser. Durch die Manipulation des Arguments hostname mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T12:00:15.886Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-284672 | TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.284672"
},
{
"name": "VDB-284672 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.284672"
},
{
"name": "Submit #438408 | TP-Link VN020 F3v(T) ISP Routers Hardware Version: 1.0 / Firmware Version: TT_V6.2.1021 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.438408"
},
{
"tags": [
"related"
],
"url": "https://github.com/Zephkek/TP-Thumper"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Zephkek/TP-Thumper/blob/main/poc.c"
},
{
"tags": [
"product"
],
"url": "https://www.tp-link.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-15T08:09:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11237",
"datePublished": "2024-11-15T12:00:15.886Z",
"dateReserved": "2024-11-15T07:04:26.277Z",
"dateUpdated": "2024-11-15T20:42:20.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12344 (GCVE-0-2024-12344)
Vulnerability from cvelistv5
Published
2024-12-08 23:00
Modified
2024-12-09 15:48
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Memory Corruption
Summary
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.287265 | vdb-entry | |
| https://vuldb.com/?ctiid.287265 | signature, permissions-required | |
| https://vuldb.com/?submit.452658 | third-party-advisory | |
| https://github.com/Zephkek/TP-1450 | exploit | |
| https://www.tp-link.com/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link | VN020 F3v(T) |
Version: TT_V6.2.1021 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T15:48:11.958537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T15:48:32.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"FTP USER Command Handler"
],
"product": "VN020 F3v(T)",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "TT_V6.2.1021"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mohamed Maatallah (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in TP-Link VN020 F3v(T) TT_V6.2.1021 gefunden. Es betrifft eine unbekannte Funktion der Komponente FTP USER Command Handler. Dank der Manipulation mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-08T23:00:16.366Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-287265 | TP-Link VN020 F3v(T) FTP USER Command memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.287265"
},
{
"name": "VDB-287265 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.287265"
},
{
"name": "Submit #452658 | TP-Link VN020 F3v(T) Hardware Version: 1.0 / Firmware Version: TT_V6.2.1021 Buffer Overflow \u0026 Memory corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.452658"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Zephkek/TP-1450"
},
{
"tags": [
"product"
],
"url": "https://www.tp-link.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-08T08:56:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "TP-Link VN020 F3v(T) FTP USER Command memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12344",
"datePublished": "2024-12-08T23:00:16.366Z",
"dateReserved": "2024-12-08T07:51:44.661Z",
"dateUpdated": "2024-12-09T15:48:32.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}