CVE-2024-42547

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 120

Summary

CVE-2024-42547 is a newly disclosed buffer overflow vulnerability affecting version 4.1.2cu.5050_B20200504 of TOTOLINK A3100R routers. The flaw is in the loginauth function, which fails to adequately validate user input in the http_host parameter. An attacker can exploit it by sending specially crafted input to the affected device. Successful exploitation could lead to arbitrary code execution, potentially allowing the attacker to gain unauthorized access to the router or launch further attacks on the network. Users are strongly advised to update their TOTOLINK A3100R routers to the latest available firmware to mitigate this risk.
