CVE-2024-34195

Name of the Vulnerable Software and Affected Versions TOTOLINK AC1200 Wireless Router A3002R Firmware version 1.1.1-B20200824

Description The issue is related to a Buffer Overflow vulnerability in the boa server program's CGI handling function formWlEncrypt, due to a lack of length restriction on the wlan ssid field. This can lead to potential buffer overflow under specific circumstances, enabling arbitrary command execution or denial of service attacks. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.