CVE-2024-11237

HIGH

Tp-link Vn020-f3v(t) Firmware - Out-of-Bounds Write

Title source: rule

Description

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC

by Mohamed Maatallah · clocalmultiple

https://www.exploit-db.com/exploits/52292

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory] https://github.com/Zephkek/TP-Thumper

[Exploit] https://github.com/Zephkek/TP-Thumper/blob/main/poc.c

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.284672

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.284672

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.438408

[Product] https://www.tp-link.com/

Scores

CVSS v3 7.5

EPSS 0.0357

EPSS Percentile 87.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-119 CWE-121 CWE-787

Status published

Products (1)

tp-link/vn020-f3v\(t\)_firmware tt_v6.2.1021

Published Nov 15, 2024

Tracked Since Feb 18, 2026