CVE-2024-12343

Name of the Vulnerable Software and Affected Versions: TP-Link VN020 F3v(T) version TT V6.2.1021

Description: A critical vulnerability has been found in the TP-Link VN020 F3v(T) router. The issue is related to the SOAP Request Handler component, specifically an unknown function of the file /control/WANIPConnection. The manipulation of the NewConnectionType argument leads to a buffer overflow. The attack must be performed within the local network. The exploit has been disclosed to the public and may be used. This vulnerability can be exploited by an attacker to cause a denial of service.

Recommendations: For TP-Link VN020 F3v(T) version TT V6.2.1021, as a temporary workaround, consider disabling the SOAP Request Handler component until a patch is available. Restrict access to the /control/WANIPConnection file to minimize the risk of exploitation. Avoid using the NewConnectionType argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.