CVE-2024-12344

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/Zephkek/TP-1450", "name": "https://github.com/Zephkek/TP-1450", "tags": ["Broken Link"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.287265", "name": "VDB-287265 | CTI Indicators (IOB, IOC)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.287265", "name": "VDB-287265 | TP-Link VN020 F3v(T) FTP USER Command memory corruption", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.452658", "name": "Submit #452658 | TP-Link VN020 F3v(T) Hardware Version: 1.0 / Firmware Version: TT_V6.2.1021 Buffer Overflow & Memory corruption", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://www.tp-link.com/", "name": "https://www.tp-link.com/", "tags": ["Product"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-787"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-12344", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2024-12-08T23:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:tp-link:vn020_f3v_firmware:6.2.1021:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:tp-link:vn020_f3v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-12-10T23:28Z"}