ID

VAR-202412-0464


CVE

CVE-2024-12344


TITLE

Out-of-bounds write vulnerability in TP-LINK Technologies vn020 f3v firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-014431

DESCRIPTION

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. An out-of-bounds write vulnerability exists in TP-LINK Technologies vn020 f3v firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TP-LINK VN020 is a wireless modem from TP-LINK of China. Unauthenticated attackers can exploit this vulnerability to execute arbitrary code.

Trust: 2.16

sources: NVD: CVE-2024-12344 // JVNDB: JVNDB-2024-014431 // CNVD: CNVD-2024-49642

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-49642

AFFECTED PRODUCTS

vendor: tp link, model: vn020 f3v, scope: eq, version: 6.2.1021

Trust: 1.6

vendor: tp link, model: vn020 f3v, scope: eq, version: vn020 f3v firmware 6.2.1021

Trust: 0.8

vendor: tp link, model: vn020 f3v, scope: -, version: -

Trust: 0.8

vendor: tp link, model: vn020 f3v, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2024-49642 // JVNDB: JVNDB-2024-014431 // NVD: CVE-2024-12344

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-12344
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-12344
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-014431
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-49642
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2024-12344
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-014431
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2024-49642
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-12344
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-12344
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-014431
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-49642 // JVNDB: JVNDB-2024-014431 // NVD: CVE-2024-12344 // NVD: CVE-2024-12344

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-014431 // NVD: CVE-2024-12344

EXTERNAL IDS

db: NVD, id: CVE-2024-12344

Trust: 3.2

db: VULDB, id: 287265

Trust: 1.8

db: JVNDB, id: JVNDB-2024-014431

Trust: 0.8

db: CNVD, id: CNVD-2024-49642

Trust: 0.6

sources: CNVD: CNVD-2024-49642 // JVNDB: JVNDB-2024-014431 // NVD: CVE-2024-12344

REFERENCES

url:https://vuldb.com/?id.287265

Trust: 1.8

url:https://vuldb.com/?submit.452658

Trust: 1.8

url:https://www.tp-link.com/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-12344

Trust: 1.4

url:https://vuldb.com/?ctiid.287265

Trust: 1.0

url:https://github.com/zephkek/tp-1450

Trust: 1.0

sources: CNVD: CNVD-2024-49642 // JVNDB: JVNDB-2024-014431 // NVD: CVE-2024-12344

SOURCES

db: CNVD, id: CNVD-2024-49642
db: JVNDB, id: JVNDB-2024-014431
db: NVD, id: CVE-2024-12344

LAST UPDATE DATE

2024-12-31T22:39:41.776000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-49642, date: 2024-12-30T00:00:00
db: JVNDB, id: JVNDB-2024-014431, date: 2024-12-12T01:35:00
db: NVD, id: CVE-2024-12344, date: 2024-12-10T23:28:05.760

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-49642, date: 2024-12-25T00:00:00
db: JVNDB, id: JVNDB-2024-014431, date: 2024-12-12T00:00:00
db: NVD, id: CVE-2024-12344, date: 2024-12-08T23:15:04.980