Details of VAR-202412-0376

ID

VAR-202412-0376

CVE

CVE-2024-12343

TITLE

TP-LINK Technologies of vn020 f3v Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-014446

DESCRIPTION

A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. TP-LINK Technologies of vn020 f3v The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-LINK VN020 is a wireless modem from TP-LINK of China

Trust: 2.16

sources: NVD: CVE-2024-12343 // JVNDB: JVNDB-2024-014446 // CNVD: CNVD-2024-49643

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-49643

AFFECTED PRODUCTS

vendor:	tp link	model:	vn020 f3v	scope:	eq	version:	6.2.1021	Trust: 1.0
vendor:	tp link	model:	vn020 f3v	scope:	eq	version:	vn020 f3v firmware 6.2.1021	Trust: 0.8
vendor:	tp link	model:	vn020 f3v	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	vn020 f3v	scope:	eq	version:	-	Trust: 0.8
vendor:	tp link	model:	vn020 f3v tt v6.2.1021	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2024-49643 // JVNDB: JVNDB-2024-014446 // NVD: CVE-2024-12343

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-12343
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-12343
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-014446
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-49643
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2024-12343
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-014446
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2024-49643
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-12343
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-12343
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2024-014446
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-49643 // JVNDB: JVNDB-2024-014446 // NVD: CVE-2024-12343 // NVD: CVE-2024-12343

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-014446 // NVD: CVE-2024-12343

EXTERNAL IDS

db:	NVD	id:	CVE-2024-12343	Trust: 3.2
db:	VULDB	id:	287262	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-014446	Trust: 0.8
db:	CNVD	id:	CNVD-2024-49643	Trust: 0.6

sources: CNVD: CNVD-2024-49643 // JVNDB: JVNDB-2024-014446 // NVD: CVE-2024-12343

REFERENCES

url:	https://vuldb.com/?id.287262	Trust: 1.8
url:	https://vuldb.com/?submit.446212	Trust: 1.8
url:	https://www.tp-link.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-12343	Trust: 1.4
url:	https://vuldb.com/?ctiid.287262	Trust: 1.0
url:	https://github.com/zephkek/tp-wanpunch/blob/main/readme.md	Trust: 1.0

sources: CNVD: CNVD-2024-49643 // JVNDB: JVNDB-2024-014446 // NVD: CVE-2024-12343

SOURCES

db:	CNVD	id:	CNVD-2024-49643
db:	JVNDB	id:	JVNDB-2024-014446
db:	NVD	id:	CVE-2024-12343

LAST UPDATE DATE

2025-01-01T23:20:56.880000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-49643	date:	2024-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2024-014446	date:	2024-12-12T01:45:00
db:	NVD	id:	CVE-2024-12343	date:	2024-12-10T23:26:52.047

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-49643	date:	2024-12-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-014446	date:	2024-12-12T00:00:00
db:	NVD	id:	CVE-2024-12343	date:	2024-12-08T10:15:04.637