Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for EX200 by TOTOLINK

    CVE-2026-11620 (GCVE-0-2026-11620)

    Vulnerability from nvd – Published: 2026-06-09 02:45 – Updated: 2026-06-09 16:00
    VLAI
    Title
    TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation
    Summary
    A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    TOTOLINK EX200 Affected: 4.0.3c.7646
        cpe:2.3:o:totolink:ex200_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    L-14 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11620",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T16:00:16.893844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T16:00:26.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:totolink:ex200_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "vsftpd"
              ],
              "product": "EX200",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3c.7646"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "L-14 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T02:45:10.490Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369301 | TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/369301"
            },
            {
              "name": "VDB-369301 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369301/cti"
            },
            {
              "name": "CVE-2026-11620 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11620"
            },
            {
              "name": "Submit #834825 | TOTOLink EX200 V4.0.3c.7646 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/834825"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/TOTOLink-EX200-V4-0-3c-7646_B20201211-3671f5ba989080ccaa41d9f76fb1906b?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-08T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-08T22:19:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11620",
        "datePublished": "2026-06-09T02:45:10.490Z",
        "dateReserved": "2026-06-08T20:14:12.689Z",
        "dateUpdated": "2026-06-09T16:00:26.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11620 (GCVE-0-2026-11620)

    Vulnerability from cvelistv5 – Published: 2026-06-09 02:45 – Updated: 2026-06-09 16:00
    VLAI
    Title
    TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation
    Summary
    A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    TOTOLINK EX200 Affected: 4.0.3c.7646
        cpe:2.3:o:totolink:ex200_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    L-14 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11620",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T16:00:16.893844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T16:00:26.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:totolink:ex200_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "vsftpd"
              ],
              "product": "EX200",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3c.7646"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "L-14 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T02:45:10.490Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369301 | TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/369301"
            },
            {
              "name": "VDB-369301 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369301/cti"
            },
            {
              "name": "CVE-2026-11620 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11620"
            },
            {
              "name": "Submit #834825 | TOTOLink EX200 V4.0.3c.7646 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/834825"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/TOTOLink-EX200-V4-0-3c-7646_B20201211-3671f5ba989080ccaa41d9f76fb1906b?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-08T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-08T22:19:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11620",
        "datePublished": "2026-06-09T02:45:10.490Z",
        "dateReserved": "2026-06-08T20:14:12.689Z",
        "dateUpdated": "2026-06-09T16:00:26.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-202404-2860

    Vulnerability from variot - Updated: 2025-08-10 23:38

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. TOTOLINK of EX200 A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2860",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020823"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31807"
          }
        ]
      },
      "cve": "CVE-2024-31807",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-17941",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-31807",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020823",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31807",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020823",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17941",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020823"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31807"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. TOTOLINK of EX200 A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China\u0027s TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31807"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020823"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31807",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020823",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17941",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020823"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31807"
          }
        ]
      },
      "id": "VAR-202404-2860",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:38:33.718000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 NTPSyncWithHost method code execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717031"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.0
          },
          {
            "problemtype": "Code injection (CWE-94) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020823"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31807"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/ci_2_ntpsyncwithhost/ci.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31807"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020823"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31807"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020823"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31807"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          },
          {
            "date": "2025-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020823"
          },
          {
            "date": "2024-04-08T13:15:08.603000",
            "db": "NVD",
            "id": "CVE-2024-31807"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17941"
          },
          {
            "date": "2025-03-25T00:47:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020823"
          },
          {
            "date": "2025-03-18T16:04:11.190000",
            "db": "NVD",
            "id": "CVE-2024-31807"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Code injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020823"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-2904

    Vulnerability from variot - Updated: 2025-08-10 23:37

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. TOTOLINK of EX200 The firmware contains a special element sanitization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2904",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020598"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31809"
          }
        ]
      },
      "cve": "CVE-2024-31809",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2025-17944",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-31809",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020598",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31809",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020598",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17944",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020598"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31809"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. TOTOLINK of EX200 The firmware contains a special element sanitization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China\u0027s TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31809"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020598"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31809",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020598",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17944",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020598"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31809"
          }
        ]
      },
      "id": "VAR-202404-2904",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:37:12.633000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 setUpgradeFW method code execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717046"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-75",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate sanitizing of special elements (CWE-75) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020598"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31809"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/ci_4_setupgradefw/ci.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31809"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020598"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31809"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020598"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31809"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          },
          {
            "date": "2025-03-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020598"
          },
          {
            "date": "2024-04-08T13:15:08.700000",
            "db": "NVD",
            "id": "CVE-2024-31809"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17944"
          },
          {
            "date": "2025-03-19T02:35:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020598"
          },
          {
            "date": "2025-03-18T16:03:53.180000",
            "db": "NVD",
            "id": "CVE-2024-31809"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Firmware special element sanitization vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020598"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-3544

    Vulnerability from variot - Updated: 2025-08-10 23:36

    TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. TOTOLINK of EX200 A lack of authentication vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender manufactured by China's TOTOLINK Electronics. It's primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. Detailed vulnerability details are currently unavailable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-3544",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020583"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31813"
          }
        ]
      },
      "cve": "CVE-2024-31813",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-17946",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "id": "CVE-2024-31813",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020583",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31813",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020583",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17946",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020583"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31813"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. TOTOLINK of EX200 A lack of authentication vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender manufactured by China\u0027s TOTOLINK Electronics. It\u0027s primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. Detailed vulnerability details are currently unavailable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31813"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020583"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31813",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020583",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17946",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020583"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31813"
          }
        ]
      },
      "id": "VAR-202404-3544",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:36:50.014000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 has an unspecified vulnerability (CNVD-2025-17946)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717061"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-862",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of authentication (CWE-862) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020583"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31813"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/missing_authentication/missauth.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31813"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020583"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31813"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020583"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31813"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          },
          {
            "date": "2025-03-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020583"
          },
          {
            "date": "2024-04-08T13:15:08.840000",
            "db": "NVD",
            "id": "CVE-2024-31813"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17946"
          },
          {
            "date": "2025-03-19T01:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020583"
          },
          {
            "date": "2025-03-18T16:03:30.870000",
            "db": "NVD",
            "id": "CVE-2024-31813"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Lack of Authentication Vulnerability in Firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020583"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-2861

    Vulnerability from variot - Updated: 2025-08-10 23:34

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. TOTOLINK of EX200 The firmware contains a special element sanitization vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender released by China's Jiweng Electronics (TOTOLINK). It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones.

    The TOTOLINK EX200 suffers from a denial of service vulnerability caused by a failure to properly validate user input in the RebootSystem method

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2861",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020591"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31806"
          }
        ]
      },
      "cve": "CVE-2024-31806",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2025-17964",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-31806",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020591",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31806",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020591",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17964",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020591"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31806"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. TOTOLINK of EX200 The firmware contains a special element sanitization vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender released by China\u0027s Jiweng Electronics (TOTOLINK). It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. \n\nThe TOTOLINK EX200 suffers from a denial of service vulnerability caused by a failure to properly validate user input in the RebootSystem method",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020591"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31806",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020591",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17964",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020591"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31806"
          }
        ]
      },
      "id": "VAR-202404-2861",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:34:13.598000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717076"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-75",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate sanitizing of special elements (CWE-75) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020591"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31806"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/dos_rebootsystem/dos.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31806"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020591"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31806"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020591"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31806"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          },
          {
            "date": "2025-03-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020591"
          },
          {
            "date": "2024-04-08T13:15:08.550000",
            "db": "NVD",
            "id": "CVE-2024-31806"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17964"
          },
          {
            "date": "2025-03-19T02:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020591"
          },
          {
            "date": "2025-03-18T16:04:16.430000",
            "db": "NVD",
            "id": "CVE-2024-31806"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Firmware special element sanitization vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020591"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-2897

    Vulnerability from variot - Updated: 2025-08-10 23:30

    TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. TOTOLINK of EX200 Firmware contains an access control vulnerability.Information may be obtained. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones.

    The TOTOLINK EX200 has a security vulnerability due to improper permission management

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2897",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020579"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31805"
          }
        ]
      },
      "cve": "CVE-2024-31805",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2025-17943",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-31805",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020579",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31805",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020579",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17943",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020579"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31805"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. TOTOLINK of EX200 Firmware contains an access control vulnerability.Information may be obtained. The TOTOLINK EX200 is a wireless N range extender developed by China\u0027s TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. \n\nThe TOTOLINK EX200 has a security vulnerability due to improper permission management",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31805"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020579"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31805",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020579",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17943",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020579"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31805"
          }
        ]
      },
      "id": "VAR-202404-2897",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:30:57.075000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 has an unspecified vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717041"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020579"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31805"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/ci_5_settelnetcfg/ci.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31805"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020579"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31805"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020579"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31805"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          },
          {
            "date": "2025-03-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020579"
          },
          {
            "date": "2024-04-08T13:15:08.500000",
            "db": "NVD",
            "id": "CVE-2024-31805"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17943"
          },
          {
            "date": "2025-03-19T01:35:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020579"
          },
          {
            "date": "2025-03-18T16:04:21.413000",
            "db": "NVD",
            "id": "CVE-2024-31805"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Access control vulnerabilities in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020579"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-2859

    Vulnerability from variot - Updated: 2025-08-10 23:29

    In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. TOTOLINK of EX200 Firmware has an information disclosure vulnerability.Information may be obtained. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones.

    The TOTOLINK EX200 has an information leakage vulnerability due to improper device permission management

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2859",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020953"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31817"
          }
        ]
      },
      "cve": "CVE-2024-31817",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-17939",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-31817",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020953",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31817",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020953",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17939",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020953"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31817"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. TOTOLINK of EX200 Firmware has an information disclosure vulnerability.Information may be obtained. The TOTOLINK EX200 is a wireless N range extender developed by China\u0027s TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. \n\nThe TOTOLINK EX200 has an information leakage vulnerability due to improper device permission management",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31817"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020953"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31817",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020953",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17939",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020953"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31817"
          }
        ]
      },
      "id": "VAR-202404-2859",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:29:49.818000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 getSysStatusCfg method information leakage vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717021"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          },
          {
            "problemtype": "information leak (CWE-200) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020953"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31817"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/leak_getsysstatuscfg/leak.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31817"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020953"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31817"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020953"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31817"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          },
          {
            "date": "2025-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020953"
          },
          {
            "date": "2024-04-08T13:15:09.030000",
            "db": "NVD",
            "id": "CVE-2024-31817"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17939"
          },
          {
            "date": "2025-03-26T08:05:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020953"
          },
          {
            "date": "2025-03-24T17:19:53.513000",
            "db": "NVD",
            "id": "CVE-2024-31817"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Information disclosure vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020953"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-3218

    Vulnerability from variot - Updated: 2025-08-10 23:29

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. TOTOLINK of EX200 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-3218",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020584"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31811"
          }
        ]
      },
      "cve": "CVE-2024-31811",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2025-17942",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2024-31811",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020584",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31811",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020584",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17942",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020584"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31811"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. TOTOLINK of EX200 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China\u0027s TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31811"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020584"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31811",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020584",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17942",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020584"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31811"
          }
        ]
      },
      "id": "VAR-202404-3218",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:29:49.783000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 setLanguageCfg method code execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717036"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020584"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31811"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/ci_1_setlanguagecfg/ci.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31811"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020584"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31811"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020584"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31811"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          },
          {
            "date": "2025-03-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020584"
          },
          {
            "date": "2024-04-08T13:15:08.750000",
            "db": "NVD",
            "id": "CVE-2024-31811"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17942"
          },
          {
            "date": "2025-03-19T01:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020584"
          },
          {
            "date": "2025-03-18T16:03:42.680000",
            "db": "NVD",
            "id": "CVE-2024-31811"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020584"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-3358

    Vulnerability from variot - Updated: 2025-08-10 23:27

    In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh. TOTOLINK of EX200 An authentication bypass vulnerability exists in firmware with user-controlled keys.Information may be obtained and information may be tampered with. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones.

    The TOTOLINK EX200 has a security vulnerability caused by improper interface permission management

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-3358",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200 v4.0.3c.7314 b20191204",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025144"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31815"
          }
        ]
      },
      "cve": "CVE-2024-31815",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 9.4,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-17938",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-31815",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-025144",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31815",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-025144",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17938",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025144"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31815"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh. TOTOLINK of EX200 An authentication bypass vulnerability exists in firmware with user-controlled keys.Information may be obtained and information may be tampered with. The TOTOLINK EX200 is a wireless N range extender developed by China\u0027s TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. \n\nThe TOTOLINK EX200 has a security vulnerability caused by improper interface permission management",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31815"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025144"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31815",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025144",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17938",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025144"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31815"
          }
        ]
      },
      "id": "VAR-202404-3358",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:27:57.128000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for The TOTOLINK EX200 ExportSettings.sh file has an unspecified vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717016"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-639",
            "trust": 1.0
          },
          {
            "problemtype": "Avoid authentication with user-controlled keys (CWE-639) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025144"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31815"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/leak_exportsettings/leak.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31815"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025144"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31815"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025144"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31815"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          },
          {
            "date": "2025-06-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-025144"
          },
          {
            "date": "2024-04-08T13:15:08.937000",
            "db": "NVD",
            "id": "CVE-2024-31815"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17938"
          },
          {
            "date": "2025-06-18T01:46:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-025144"
          },
          {
            "date": "2025-06-17T18:30:45.130000",
            "db": "NVD",
            "id": "CVE-2024-31815"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 User-controlled key authentication bypass vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025144"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-2870

    Vulnerability from variot - Updated: 2025-08-10 23:26

    TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. TOTOLINK of EX200 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It's primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. Detailed vulnerability details are currently unavailable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2870",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020822"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31814"
          }
        ]
      },
      "cve": "CVE-2024-31814",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2025-17963",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-31814",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020822",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31814",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020822",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17963",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020822"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31814"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. TOTOLINK of EX200 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China\u0027s TOTOLINK Electronics. It\u0027s primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. Detailed vulnerability details are currently unavailable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020822"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31814",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020822",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17963",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020822"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31814"
          }
        ]
      },
      "id": "VAR-202404-2870",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:26:13.408000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 has an unspecified vulnerability (CNVD-2025-17963)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717071"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-288",
            "trust": 1.0
          },
          {
            "problemtype": "Authentication Bypass Using Alternate Paths or Channels (CWE-288) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020822"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31814"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/login_bypass/bypass.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31814"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020822"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31814"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020822"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31814"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          },
          {
            "date": "2025-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020822"
          },
          {
            "date": "2024-04-08T13:15:08.887000",
            "db": "NVD",
            "id": "CVE-2024-31814"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17963"
          },
          {
            "date": "2025-03-25T00:47:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020822"
          },
          {
            "date": "2025-03-18T16:03:02.557000",
            "db": "NVD",
            "id": "CVE-2024-31814"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Firmware vulnerability regarding authentication bypass using alternative paths or channels",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020822"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-2850

    Vulnerability from variot - Updated: 2025-08-10 23:24

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. TOTOLINK of EX200 The firmware contains a vulnerability related to improper parameter handling.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2850",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020585"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31808"
          }
        ]
      },
      "cve": "CVE-2024-31808",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2025-17945",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-31808",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020585",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31808",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020585",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17945",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020585"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31808"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. TOTOLINK of EX200 The firmware contains a vulnerability related to improper parameter handling.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China\u0027s TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31808"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020585"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31808",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020585",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17945",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020585"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31808"
          }
        ]
      },
      "id": "VAR-202404-2850",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:24:15.420000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 setWebWlanIdx method code execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717056"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-233",
            "trust": 1.0
          },
          {
            "problemtype": "Improper handling of parameters (CWE-233) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020585"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31808"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/ci_3_setwebwlanidx/ci.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31808"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020585"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31808"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020585"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31808"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          },
          {
            "date": "2025-03-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020585"
          },
          {
            "date": "2024-04-08T13:15:08.650000",
            "db": "NVD",
            "id": "CVE-2024-31808"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17945"
          },
          {
            "date": "2025-03-19T01:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020585"
          },
          {
            "date": "2025-03-18T16:04:05.817000",
            "db": "NVD",
            "id": "CVE-2024-31808"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Vulnerability regarding improper parameter handling in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020585"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-2871

    Vulnerability from variot - Updated: 2025-08-10 23:24

    In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. TOTOLINK of EX200 The firmware contains a special element sanitization vulnerability.Information may be obtained. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones.

    The TOTOLINK EX200 has an information leakage vulnerability due to improper permission management

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2871",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020597"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31812"
          }
        ]
      },
      "cve": "CVE-2024-31812",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2025-17940",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-31812",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020597",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31812",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020597",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17940",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020597"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31812"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. TOTOLINK of EX200 The firmware contains a special element sanitization vulnerability.Information may be obtained. The TOTOLINK EX200 is a wireless N range extender developed by China\u0027s TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. \n\nThe TOTOLINK EX200 has an information leakage vulnerability due to improper permission management",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31812"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020597"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31812",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020597",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17940",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020597"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31812"
          }
        ]
      },
      "id": "VAR-202404-2871",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          }
        ]
      },
      "last_update_date": "2025-08-10T23:24:15.399000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 getWiFiExtenderConfig method information leakage vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717026"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-75",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate sanitizing of special elements (CWE-75) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020597"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31812"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/leak_getwifiextenderconfig/leak.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31812"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020597"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31812"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020597"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31812"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          },
          {
            "date": "2025-03-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020597"
          },
          {
            "date": "2024-04-08T13:15:08.800000",
            "db": "NVD",
            "id": "CVE-2024-31812"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17940"
          },
          {
            "date": "2025-03-19T02:34:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020597"
          },
          {
            "date": "2025-03-18T16:03:37.920000",
            "db": "NVD",
            "id": "CVE-2024-31812"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Firmware special element sanitization vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020597"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-1581

    Vulnerability from variot - Updated: 2025-08-06 23:25

    TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless range extender from China's Jiong Electronics. It's primarily used to extend the coverage of existing Wi-Fi networks and resolve signal blind spots. Detailed vulnerability details are currently unavailable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-1581",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021832"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32326"
          }
        ]
      },
      "cve": "CVE-2024-32326",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-17515",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2024-32326",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-021832",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-32326",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-021832",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17515",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021832"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32326"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless range extender from China\u0027s Jiong Electronics. It\u0027s primarily used to extend the coverage of existing Wi-Fi networks and resolve signal blind spots. Detailed vulnerability details are currently unavailable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-32326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021832"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-32326",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021832",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17515",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021832"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32326"
          }
        ]
      },
      "id": "VAR-202404-1581",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          }
        ]
      },
      "last_update_date": "2025-08-06T23:25:17.891000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 setWiFiExtenderConfig method key parameter cross-site scripting vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/715076"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021832"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32326"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/xss_key/readme.md"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/144.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-32326"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021832"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32326"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021832"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32326"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          },
          {
            "date": "2025-04-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-021832"
          },
          {
            "date": "2024-04-18T17:15:48.817000",
            "db": "NVD",
            "id": "CVE-2024-32326"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17515"
          },
          {
            "date": "2025-04-10T09:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-021832"
          },
          {
            "date": "2025-04-07T14:26:49.023000",
            "db": "NVD",
            "id": "CVE-2024-32326"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Cross-site scripting vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021832"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-1754

    Vulnerability from variot - Updated: 2025-08-06 23:20

    TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless N range extender released by China-based Jiong Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. This vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the ssid parameter of the setWiFiExtenderConfig method. Detailed vulnerability details are currently unavailable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-1754",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-023803"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32325"
          }
        ]
      },
      "cve": "CVE-2024-32325",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2025-17470",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 0.9,
                "id": "CVE-2024-32325",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 2.4,
                "baseSeverity": "Low",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-023803",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-32325",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-023803",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17470",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-023803"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32325"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless N range extender released by China-based Jiong Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. This vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the ssid parameter of the setWiFiExtenderConfig method. Detailed vulnerability details are currently unavailable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-32325"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-023803"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-32325",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-023803",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17470",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-023803"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32325"
          }
        ]
      },
      "id": "VAR-202404-1754",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          }
        ]
      },
      "last_update_date": "2025-08-06T23:20:59.448000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 setWiFiExtenderConfig method ssid parameter cross-site scripting vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/715086"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-023803"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32325"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/xss_ssid/readme.md"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/144.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-32325"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-023803"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32325"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-023803"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32325"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          },
          {
            "date": "2025-05-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-023803"
          },
          {
            "date": "2024-04-18T17:15:48.740000",
            "db": "NVD",
            "id": "CVE-2024-32325"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17470"
          },
          {
            "date": "2025-05-14T12:42:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-023803"
          },
          {
            "date": "2025-05-13T00:53:54.647000",
            "db": "NVD",
            "id": "CVE-2024-32325"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Cross-site scripting vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-023803"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-2896

    Vulnerability from variot - Updated: 2025-08-06 23:08

    In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. TOTOLINK of EX200 Firmware has an information disclosure vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless N range extender released by China-based Jiong Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal blind spots

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2896",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020578"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31816"
          }
        ]
      },
      "cve": "CVE-2024-31816",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-17520",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-31816",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020578",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31816",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020578",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17520",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020578"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31816"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. TOTOLINK of EX200 Firmware has an information disclosure vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless N range extender released by China-based Jiong Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal blind spots",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020578"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31816",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020578",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17520",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020578"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31816"
          }
        ]
      },
      "id": "VAR-202404-2896",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          }
        ]
      },
      "last_update_date": "2025-08-06T23:08:19.469000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX200 getEasyWizardCfg method authorization vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/715111"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          },
          {
            "problemtype": "information leak (CWE-200) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020578"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31816"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/leak_geteasywizardcfg/leak.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31816"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020578"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31816"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020578"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31816"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          },
          {
            "date": "2025-03-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020578"
          },
          {
            "date": "2024-04-08T13:15:08.987000",
            "db": "NVD",
            "id": "CVE-2024-31816"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17520"
          },
          {
            "date": "2025-03-19T01:35:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020578"
          },
          {
            "date": "2025-03-18T16:02:17.737000",
            "db": "NVD",
            "id": "CVE-2024-31816"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Information disclosure vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020578"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202405-4010

    Vulnerability from variot - Updated: 2025-07-05 23:30

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. TOTOLINK of EX200 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX200 is a 2.4G wireless N range extender from China's TOTOLINK Electronics. It is designed to expand the coverage of existing Wi-Fi networks and eliminate "blind spots". Attackers can use this vulnerability to log in as the root account

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202405-4010",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021964"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31810"
          }
        ]
      },
      "cve": "CVE-2024-31810",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-15058",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-31810",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-021964",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-31810",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-021964",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15058",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021964"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31810"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. TOTOLINK of EX200 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX200 is a 2.4G wireless N range extender from China\u0027s TOTOLINK Electronics. It is designed to expand the coverage of existing Wi-Fi networks and eliminate \"blind spots\". Attackers can use this vulnerability to log in as the root account",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-31810"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021964"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15058"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-31810",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021964",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15058",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021964"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31810"
          }
        ]
      },
      "id": "VAR-202405-4010",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15058"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15058"
          }
        ]
      },
      "last_update_date": "2025-07-05T23:30:59.795000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          },
          {
            "problemtype": "Using hardcoded passwords (CWE-259) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use hard-coded credentials (CWE-798) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021964"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31810"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/hardcode/hardcode.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-31810"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021964"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31810"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021964"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-31810"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15058"
          },
          {
            "date": "2025-04-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-021964"
          },
          {
            "date": "2024-05-14T15:25:45.230000",
            "db": "NVD",
            "id": "CVE-2024-31810"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15058"
          },
          {
            "date": "2025-04-11T14:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-021964"
          },
          {
            "date": "2025-04-09T14:20:06.750000",
            "db": "NVD",
            "id": "CVE-2024-31810"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Vulnerability related to use of hardcoded credentials in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021964"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202408-0332

    Vulnerability from variot - Updated: 2025-06-29 23:14

    A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of EX200 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX200 is a 2.4G wireless N range extender designed to expand the coverage of existing Wi-Fi networks. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202408-0332",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13899"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005342"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7336"
          }
        ]
      },
      "cve": "CVE-2024-7336",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2024-7336",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-005342",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-13899",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-7336",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-005342",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-7336",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-7336",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-005342",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13899",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13899"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005342"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7336"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7336"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of EX200 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX200 is a 2.4G wireless N range extender designed to expand the coverage of existing Wi-Fi networks. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-7336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005342"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13899"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-7336",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "273259",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005342",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13899",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13899"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005342"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7336"
          }
        ]
      },
      "id": "VAR-202408-0332",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13899"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13899"
          }
        ]
      },
      "last_update_date": "2025-06-29T23:14:10.133000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005342"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7336"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/ex200/loginauth.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.379314"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-7336"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.273259"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?id.273259"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13899"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005342"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7336"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13899"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005342"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7336"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13899"
          },
          {
            "date": "2024-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-005342"
          },
          {
            "date": "2024-08-01T03:15:01.717000",
            "db": "NVD",
            "id": "CVE-2024-7336"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13899"
          },
          {
            "date": "2024-08-15T02:05:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-005342"
          },
          {
            "date": "2024-08-09T14:38:01.050000",
            "db": "NVD",
            "id": "CVE-2024-7336"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005342"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202408-0320

    Vulnerability from variot - Updated: 2025-06-29 22:51

    A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of EX200 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ‌TOTOLINK EX200 is a 2.4G wireless N range extender designed to expand the coverage of existing Wi-Fi networks. The vulnerability stems from the function getSaveConfig in the file /cgi-bin/cstecgi.cgi?action=save&setting as parameter http_host, which causes a buffer overflow. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202408-0320",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005343"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7335"
          }
        ]
      },
      "cve": "CVE-2024-7335",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2024-7335",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-005343",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-13898",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-7335",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-005343",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-7335",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-7335",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-005343",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13898",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005343"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7335"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7335"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save\u0026setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of EX200 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \u200cTOTOLINK EX200 is a 2.4G wireless N range extender designed to expand the coverage of existing Wi-Fi networks. The vulnerability stems from the function getSaveConfig in the file /cgi-bin/cstecgi.cgi?action=save\u0026setting as parameter http_host, which causes a buffer overflow. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-7335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005343"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13898"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-7335",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "273258",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005343",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13898",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005343"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7335"
          }
        ]
      },
      "id": "VAR-202408-0320",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13898"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13898"
          }
        ]
      },
      "last_update_date": "2025-06-29T22:51:23.690000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005343"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7335"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/ex200/getsaveconfig.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.379313"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-7335"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.273258"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?id.273258"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005343"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7335"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005343"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7335"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13898"
          },
          {
            "date": "2024-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-005343"
          },
          {
            "date": "2024-08-01T02:15:02.900000",
            "db": "NVD",
            "id": "CVE-2024-7335"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13898"
          },
          {
            "date": "2024-08-15T02:05:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-005343"
          },
          {
            "date": "2024-08-09T14:05:30.013000",
            "db": "NVD",
            "id": "CVE-2024-7335"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-005343"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202411-1591

    Vulnerability from variot - Updated: 2025-04-08 23:03

    TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter. TOTOLINK of EX200 Firmware contains a command injection vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. TOTOLINK EX200 is a 2.4G wireless N range extender from China's Jiweng Electronics (TOTOLINK) company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-1591",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.7646_b20201211"
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex200  firmware  4.0.3c.7646 b20201211"
          },
          {
            "model": "ex200 v4.0.3c.7646 b20201211",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-46253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021525"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-53333"
          }
        ]
      },
      "cve": "CVE-2024-53333",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2024-46253",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.1,
                "id": "CVE-2024-53333",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 6.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-021525",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-53333",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-021525",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-46253",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-46253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021525"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-53333"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the \"ussd\" parameter. TOTOLINK of EX200 Firmware contains a command injection vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. TOTOLINK EX200 is a 2.4G wireless N range extender from China\u0027s Jiweng Electronics (TOTOLINK) company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-53333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021525"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-46253"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-53333",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021525",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-46253",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-46253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021525"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-53333"
          }
        ]
      },
      "id": "VAR-202411-1591",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-46253"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-46253"
          }
        ]
      },
      "last_update_date": "2025-04-08T23:03:51.123000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021525"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-53333"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/luckysmallbird/totolink-ex200-vulnerability-1/blob/main/readme.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-53333"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-46253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021525"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-53333"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-46253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021525"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-53333"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-46253"
          },
          {
            "date": "2025-04-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-021525"
          },
          {
            "date": "2024-11-21T18:15:13.587000",
            "db": "NVD",
            "id": "CVE-2024-53333"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-46253"
          },
          {
            "date": "2025-04-07T07:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-021525"
          },
          {
            "date": "2025-04-04T14:40:24.837000",
            "db": "NVD",
            "id": "CVE-2024-53333"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0EX200\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-021525"
          }
        ],
        "trust": 0.8
      }
    }