mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 05:28:59 +00:00
24 lines
1.5 KiB
JSON
24 lines
1.5 KiB
JSON
{
|
|
"id": "CVE-2024-34196",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2024-05-14T15:38:32.730",
|
|
"lastModified": "2024-05-14T16:12:23.490",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The \"boa\" program allows attackers to modify the value of the \"vwlan_idx\" field via \"formMultiAP\". This can lead to a stack overflow through the \"formWlEncrypt\" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 es vulnerable al desbordamiento del b\u00fafer. El programa \"boa\" permite a los atacantes modificar el valor del campo \"vwlan_idx\" mediante \"formMultiAP\". Esto puede provocar un desbordamiento de la pila a trav\u00e9s de la funci\u00f3n CGI \"formWlEncrypt\" al construir solicitudes HTTP maliciosas y pasar un valor SSID de WLAN que excede la longitud esperada, lo que podr\u00eda resultar en la ejecuci\u00f3n de comandos o ataques de denegaci\u00f3n de servicio."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |