CVE-2024-37632

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOTOLINK A3700R version 9.1.2u.6165 20211012

Description A stack overflow issue was discovered via the password parameter in the loginAuth function. This issue can be exploited, potentially allowing unauthorized access.

Recommendations For TOTOLINK A3700R version 9.1.2u.6165 20211012, consider restricting access to the loginAuth function until a patch is available. As a temporary workaround, avoid using the password parameter in the affected login endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-120

Related Identifiers

CVE-2024-37632

Affected Products

Totolink A3700R

CVE-2024-37632

Weakness Enumeration

Related Identifiers

Affected Products

References · 7