Lucene search

[email protected]NVD:CVE-2024-37632

HistoryJun 13, 2024 - 7:15 p.m.

CVE-2024-37632

2024-06-1319:15:52

CWE-120

[email protected]

web.nvd.nist.gov

totolink

a3700r

stack overflow

password parameter

loginauth function

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.1%

JSON

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .

Affected configurations

Nvd

Node

totolinka3700r_firmwareMatch9.1.2u.6165_20211012

AND

totolinka3700rMatch-

VendorProductVersionCPE
totolinka3700r_firmware9.1.2u.6165_20211012cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6165_20211012:*:*:*:*:*:*:*
totolinka3700r-cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	a3700r_firmware	9.1.2u.6165_20211012	cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6165_20211012:::::::*
totolink	a3700r	-	cpe:2.3:h:totolink:a3700r:-:::::::*

References

github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/loginAuth/README.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.1%

JSON

Related for NVD:CVE-2024-37632

cve1 cvelist1 vulnrichment1