PT-2024-5290 · Totolink · Totolink Cp900L
Published 2024-05-28 · Updated 2024-07-03 · CVE-2024-35398
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TOTOLINK CP900L version 4.1.5cu.798 B20221228
Description
The issue is caused by a stack overflow in the setMacFilterRules function of the TOTOLINK CP900L wireless access point's firmware. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information through the desc parameter.
Recommendations
For TOTOLINK CP900L version 4.1.5cu.798 B20221228, consider disabling the setMacFilterRules function as a temporary workaround until a patch is available. Restrict access to the desc parameter in the setMacFilterRules function to minimize the risk of exploitation.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Totolink Cp900L