CVE-2024-34196

Name of the Vulnerable Software and Affected Versions Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU V3 version V3.0.0-B20230809.1615

Description The issue allows attackers to modify the value of the vwlan idx field via "formMultiAP". This can lead to a stack overflow through the formWlEncrypt CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks.

Recommendations For Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU V3 version V3.0.0-B20230809.1615, as a temporary workaround, consider restricting access to the "boa" program and the formWlEncrypt CGI function to minimize the risk of exploitation. Avoid using the vwlan idx field via "formMultiAP" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.