CVE-2024-12344

MEDIUM

Tp-link Vn020 F3v Firmware - Out-of-Bounds Write

Title source: rule

Description

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC

by Mohamed Maatallah · cremotemultiple

https://www.exploit-db.com/exploits/52249

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.452658

[Broken Link] https://github.com/Zephkek/TP-1450

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.287265

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.287265

[Product] https://www.tp-link.com/

Scores

CVSS v3 6.3

EPSS 0.0048

EPSS Percentile 65.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-119 CWE-787

Status published

Products (1)

tp-link/vn020_f3v_firmware 6.2.1021

Published Dec 08, 2024

Tracked Since Feb 18, 2026