ID

VAR-202411-0796


CVE

CVE-2024-11237


TITLE

Out-of-bounds write vulnerability in TP-LINK Technologies vn020-f3v(t) firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-013008

DESCRIPTION

A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. It affects unknown functionality of the DHCP DISCOVER Packet Parser component. Manipulation of the hostname argument leads to a stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

An out-of-bounds write vulnerability exists in the firmware of TP-LINK Technologies vn020-f3v(t). Information may be obtained or tampered with, and service operation may be interrupted (DoS).

TP-LINK vn020-f3vt is a wireless modem from TP-LINK of China. The vulnerability is caused by the network system or product not properly verifying data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc.

Trust: 2.16

sources: NVD: CVE-2024-11237 // JVNDB: JVNDB-2024-013008 // CNVD: CNVD-2024-47283

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-47283

AFFECTED PRODUCTS

vendor: tp link, model: vn020-f3v\, scope: eq, version: tt_v6.2.1021

Trust: 1.0

vendor: tp link, model: vn020-f3v, scope: eq, version: vn020-f3v(t) firmware tt v6.2.1021

Trust: 0.8

vendor: tp link, model: vn020-f3v, scope: eq, version: -

Trust: 0.8

vendor: tp link, model: vn020-f3v, scope: -, version: -

Trust: 0.8

vendor: tp link, model: vn020-f3vt tt v6.2.1021, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-47283 // JVNDB: JVNDB-2024-013008 // NVD: CVE-2024-11237

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-11237
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-11237
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-013008
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-47283
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2024-11237
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-013008
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2024-47283
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-11237
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-11237
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-013008
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-47283 // JVNDB: JVNDB-2024-013008 // NVD: CVE-2024-11237 // NVD: CVE-2024-11237

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-013008 // NVD: CVE-2024-11237

EXTERNAL IDS

db: NVD, id: CVE-2024-11237

Trust: 3.2

db: VULDB, id: 284672

Trust: 1.8

db: JVNDB, id: JVNDB-2024-013008

Trust: 0.8

db: CNVD, id: CNVD-2024-47283

Trust: 0.6

sources: CNVD: CNVD-2024-47283 // JVNDB: JVNDB-2024-013008 // NVD: CVE-2024-11237

REFERENCES

url:https://github.com/zephkek/tp-thumper

Trust: 1.8

url:https://github.com/zephkek/tp-thumper/blob/main/poc.c

Trust: 1.8

url:https://vuldb.com/?id.284672

Trust: 1.8

url:https://vuldb.com/?submit.438408

Trust: 1.8

url:https://www.tp-link.com/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-11237

Trust: 1.4

url:https://vuldb.com/?ctiid.284672

Trust: 1.0

sources: CNVD: CNVD-2024-47283 // JVNDB: JVNDB-2024-013008 // NVD: CVE-2024-11237

SOURCES

db: CNVD, id: CNVD-2024-47283
db: JVNDB, id: JVNDB-2024-013008
db: NVD, id: CVE-2024-11237

LAST UPDATE DATE

2024-12-11T23:00:28.153000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-47283, date: 2024-12-06T00:00:00
db: JVNDB, id: JVNDB-2024-013008, date: 2024-11-20T00:48:00
db: NVD, id: CVE-2024-11237, date: 2024-11-19T19:04:14.987

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-47283, date: 2024-12-05T00:00:00
db: JVNDB, id: JVNDB-2024-013008, date: 2024-11-20T00:00:00
db: NVD, id: CVE-2024-11237, date: 2024-11-15T12:15:14.670