Severity
Medium
Analysis Summary
CVE-2024-12344 CVSS:6.3
TP-Link VN020 F3v(T) could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a memory corruption in the component FTP USER Command Handler.. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-12343 CVSS:6.5
TP-Link VN020 F3v(T) is vulnerable to a denial of service, caused by a buffer overflow in /control/WANIPConnection of the component SOAP Request Handler. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-12342 CVSS:6.5
TP-Link VN020 F3v(T) is vulnerable to a denial of service, caused by a flaw in file /control/WANIPConnection of the component Incomplete SOAP Request Handler. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
Impact
- Code Execution
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-12344
- CVE-2024-12343
- CVE-2024-12342
Affected Vendors
Affected Products
- TP-Link VN020 F3v(T) - 6.2.1021
Remediation
Refer to TP-Link Security Advisory for patch, upgrade, or suggested workaround information.