CVE-2024-33820

Name of the Vulnerable Software and Affected Versions Totolink AC1200 Wireless Dual Band Gigabit Router A3002R V4 Firmware V4.0.0-B20230531.1404

Description The issue is caused by a Buffer Overflow vulnerability in the formWlEncrypt function of the boa server, specifically triggered by the length of the wlan ssid field. This vulnerability can be exploited by a remote attacker to execute arbitrary commands or cause a denial of service.

Recommendations For Totolink AC1200 Wireless Dual Band Gigabit Router A3002R V4 Firmware V4.0.0-B20230531.1404, as a temporary workaround, consider disabling the formWlEncrypt function until a patch is available. Restrict access to the boa server to minimize the risk of exploitation. Avoid using the wlan ssid field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.