Sign-up

ID

VAR-202409-1506


CVE

CVE-2024-9284


TITLE

TP-LINK Technologies  of  TL-WR841ND  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-026148

DESCRIPTION

A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TP-LINK Technologies of TL-WR841ND A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-9284 // JVNDB: JVNDB-2024-026148

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr841ndscope:eqversion: -

Trust: 1.8

vendor:tp linkmodel:tl-wr841ndscope:eqversion:tl-wr841nd firmware

Trust: 0.8

vendor:tp linkmodel:tl-wr841ndscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-026148 // NVD: CVE-2024-9284

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-9284
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-026148
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2024-9284
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-026148
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2024-9284
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-026148
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-026148 // NVD: CVE-2024-9284

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-026148 // NVD: CVE-2024-9284

EXTERNAL IDS

db:NVDid:CVE-2024-9284

Trust: 2.6

db:VULDBid:278684

Trust: 1.8

db:JVNDBid:JVNDB-2024-026148

Trust: 0.8

sources: JVNDB: JVNDB-2024-026148 // NVD: CVE-2024-9284

REFERENCES

url:https://vuldb.com/?id.278684

Trust: 1.8

url:https://vuldb.com/?submit.411526

Trust: 1.8

url:https://www.tp-link.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.278684

Trust: 1.0

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/tp-link/wr-841nd/popupsitesurveyrpm.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-9284

Trust: 0.8

sources: JVNDB: JVNDB-2024-026148 // NVD: CVE-2024-9284

SOURCES

db:JVNDBid:JVNDB-2024-026148
db:NVDid:CVE-2024-9284

LAST UPDATE DATE

2025-07-17T23:47:42.729000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-026148date:2025-07-16T04:42:00
db:NVDid:CVE-2024-9284date:2025-07-15T18:29:21.443

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-026148date:2025-07-16T00:00:00
db:NVDid:CVE-2024-9284date:2024-09-27T17:15:14.600