CVE-2024-12344

MEDIUM

TP-Link VN020 F3v(T) TT_V6.2.1021 - Memory Corruption via FTP USER Command Handler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-12344. PoCs published by Mohamed Maatallah.

AI-analyzed exploit summary: This exploit demonstrates a buffer overflow vulnerability in TP-Link VN020-F3v(T) router's FTP server via the USER command, causing memory corruption and crashes with specific payload sizes. It includes connectivity checks and payload generation to trigger the vulnerability.

Description

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC
by Mohamed Maatallah · c · remote · multiple
https://www.exploit-db.com/exploits/52249

Classification: Working PoC, 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: TP-Link VN020-F3v(T) Router (Firmware Version TT_V6.2.1021)
No auth needed
Prerequisites: Network access to the target FTP server · Target router running vulnerable firmware
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References (5)
Third Party Advisory, VDB Entry (vdb-entry): https://vuldb.com/?id.287265
Permissions Required, VDB Entry (signature, permissions-required): https://vuldb.com/?ctiid.287265
Third Party Advisory, VDB Entry (third-party-advisory): https://vuldb.com/?submit.452658
Product (product): https://www.tp-link.com/

Scores

CVSS v3: 6.3
EPSS: 0.0070
EPSS Percentile: 72.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-119, CWE-787
Status: published
Products (1): tp-link/vn020_f3v_firmware 6.2.1021
Published: Dec 08, 2024
Tracked Since: Feb 18, 2026