Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for N200RE V5 by Totolink

    VAR-202401-2395

    Vulnerability from variot - Updated: 2025-07-10 23:04

    Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. TOTOLINK N200RE is a wireless broadband router that uses 11N wireless technology

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202401-2395",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n200re v5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "9.3.5u.6255_b20211224"
          },
          {
            "model": "n200re v9.3.5u.6255 b20211224",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-46025"
          }
        ]
      },
      "cve": "CVE-2022-46025",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 9.4,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-15336",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-46025",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-46025",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-46025",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15336",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-46025"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-46025"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. TOTOLINK N200RE is a wireless broadband router that uses 11N wireless technology",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-46025"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-46025",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15336",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-46025"
          }
        ]
      },
      "id": "VAR-202401-2395",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          }
        ]
      },
      "last_update_date": "2025-07-10T23:04:01.666000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-46025"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://pastebin.com/aan5jt40"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-46025"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-46025"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          },
          {
            "date": "2024-01-10T08:15:37.570000",
            "db": "NVD",
            "id": "CVE-2022-46025"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          },
          {
            "date": "2024-09-03T21:35:00.893000",
            "db": "NVD",
            "id": "CVE-2022-46025"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N200RE Access Control Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15336"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202401-1088

    Vulnerability from variot - Updated: 2025-07-10 22:47

    A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK N200RE is a wireless broadband router that uses 11N wireless technology, supports up to 300Mbps wireless transmission rate, and is designed to meet the needs of home and small office networks. ‌

    TOTOLINK N200RE has a code vulnerability, and no detailed vulnerability details are currently available

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202401-1088",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n200re-v5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "9.3.5u.6255_b20211224"
          },
          {
            "model": "n200re v5",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n200re v5",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n200re_v5  firmware  9.3.5u.6255 b20211224"
          },
          {
            "model": "n200re v5",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n200re 9.3.5u.6255 b20211224",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "totolink",
            "version": "v5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001936"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0942"
          }
        ]
      },
      "cve": "CVE-2024-0942",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CVE-2024-0942",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2025-15324",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.2,
                "id": "CVE-2024-0942",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-0942",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2024-0942",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-0942",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-0942",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-0942",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15324",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001936"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0942"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0942"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK N200RE is a wireless broadband router that uses 11N wireless technology, supports up to 300Mbps wireless transmission rate, and is designed to meet the needs of home and small office networks. \u200c\n\nTOTOLINK N200RE has a code vulnerability, and no detailed vulnerability details are currently available",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-0942"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001936"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15324"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-0942",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "252186",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001936",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15324",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001936"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0942"
          }
        ]
      },
      "id": "VAR-202401-1088",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15324"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15324"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:47:09.634000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-613",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate session deadline (CWE-613) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001936"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0942"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?id.252186"
          },
          {
            "trust": 1.8,
            "url": "https://drive.google.com/file/d/1owagbmdthdiun1wsrah4znuzhouvtu4t/view?usp=sharing"
          },
          {
            "trust": 1.8,
            "url": "https://youtu.be/b0tu2cilbnu"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.252186"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?submit.269679"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-0942"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001936"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0942"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001936"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0942"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15324"
          },
          {
            "date": "2024-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001936"
          },
          {
            "date": "2024-01-26T20:15:54.403000",
            "db": "NVD",
            "id": "CVE-2024-0942"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15324"
          },
          {
            "date": "2024-02-07T02:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001936"
          },
          {
            "date": "2024-05-17T02:35:05.337000",
            "db": "NVD",
            "id": "CVE-2024-0942"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0N200RE_v5\u00a0 Firmware Session Expiration Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001936"
          }
        ],
        "trust": 0.8
      }
    }

    CVE-2024-0942 (GCVE-0-2024-0942)

    Vulnerability from nvd – Published: 2024-01-26 19:31 – Updated: 2024-08-23 19:03
    VLAI
    Title
    Totolink N200RE V5 cstecgi.cgi session expiration
    Summary
    A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.252186 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.252186 signaturepermissions-required
    https://vuldb.com/?submit.269679 third-party-advisory
    https://drive.google.com/file/d/1oWAGbmDtHDIUN1WS… exploit
    https://youtu.be/b0tU2CiLbnU media-coverage
    Impacted products
    Vendor Product Version
    Totolink N200RE V5 Affected: 9.3.5u.6255_B20211224
    Create a notification for this product.
    Credits
    Chun-Li Lin lin7lic (VulDB User) lin7lic (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-252186 | Totolink N200RE V5 cstecgi.cgi session expiration",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.252186"
              },
              {
                "name": "VDB-252186 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.252186"
              },
              {
                "name": "Submit #269679 | Totolink  N200RE_V5 V9.3.5u.6255_B20211224 Insufficient Session Expiration",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.269679"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing"
              },
              {
                "tags": [
                  "media-coverage",
                  "x_transferred"
                ],
                "url": "https://youtu.be/b0tU2CiLbnU"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-23T18:49:24.006118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-23T19:03:14.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "N200RE V5",
              "vendor": "Totolink",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6255_B20211224"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chun-Li Lin"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "lin7lic (VulDB User)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "lin7lic (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in Totolink N200RE V5 9.3.5u.6255_B20211224 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei /cgi-bin/cstecgi.cgi. Dank der Manipulation mit unbekannten Daten kann eine session expiration-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-01T06:44:33.095Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-252186 | Totolink N200RE V5 cstecgi.cgi session expiration",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.252186"
            },
            {
              "name": "VDB-252186 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.252186"
            },
            {
              "name": "Submit #269679 | Totolink  N200RE_V5 V9.3.5u.6255_B20211224 Insufficient Session Expiration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.269679"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "https://youtu.be/b0tU2CiLbnU"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-26T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2024-01-26T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-01T08:46:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Totolink N200RE V5 cstecgi.cgi session expiration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-0942",
        "datePublished": "2024-01-26T19:31:04.140Z",
        "dateReserved": "2024-01-26T12:37:34.646Z",
        "dateUpdated": "2024-08-23T19:03:14.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4746 (GCVE-0-2023-4746)

    Vulnerability from nvd – Published: 2023-09-04 00:00 – Updated: 2024-08-02 07:37
    VLAI
    Title
    TOTOLINK N200RE V5 Validity_check format string
    Summary
    A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.238635 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.238635 signaturepermissions-required
    https://gist.github.com/dmknght/8f3b6aa65e9d08f45… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK N200RE V5 Affected: 9.3.5u.6437_B20230519
    Create a notification for this product.
    Credits
    dmknght (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:37:59.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.238635"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.238635"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "N200RE V5",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6437_B20230519"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "dmknght (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK N200RE V5 9.3.5u.6437_B20230519 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft die Funktion Validity_check. Dank Manipulation mit unbekannten Daten kann eine format string-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "CWE-134 Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:21:51.555Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.238635"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.238635"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-09-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-09-03T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-09-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-09-29T20:39:20.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK N200RE V5 Validity_check format string"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-4746",
        "datePublished": "2023-09-04T00:00:13.761Z",
        "dateReserved": "2023-09-03T06:48:52.219Z",
        "dateUpdated": "2024-08-02T07:37:59.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0942 (GCVE-0-2024-0942)

    Vulnerability from cvelistv5 – Published: 2024-01-26 19:31 – Updated: 2024-08-23 19:03
    VLAI
    Title
    Totolink N200RE V5 cstecgi.cgi session expiration
    Summary
    A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.252186 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.252186 signaturepermissions-required
    https://vuldb.com/?submit.269679 third-party-advisory
    https://drive.google.com/file/d/1oWAGbmDtHDIUN1WS… exploit
    https://youtu.be/b0tU2CiLbnU media-coverage
    Impacted products
    Vendor Product Version
    Totolink N200RE V5 Affected: 9.3.5u.6255_B20211224
    Create a notification for this product.
    Credits
    Chun-Li Lin lin7lic (VulDB User) lin7lic (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-252186 | Totolink N200RE V5 cstecgi.cgi session expiration",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.252186"
              },
              {
                "name": "VDB-252186 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.252186"
              },
              {
                "name": "Submit #269679 | Totolink  N200RE_V5 V9.3.5u.6255_B20211224 Insufficient Session Expiration",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.269679"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing"
              },
              {
                "tags": [
                  "media-coverage",
                  "x_transferred"
                ],
                "url": "https://youtu.be/b0tU2CiLbnU"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-23T18:49:24.006118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-23T19:03:14.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "N200RE V5",
              "vendor": "Totolink",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6255_B20211224"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chun-Li Lin"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "lin7lic (VulDB User)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "lin7lic (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in Totolink N200RE V5 9.3.5u.6255_B20211224 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei /cgi-bin/cstecgi.cgi. Dank der Manipulation mit unbekannten Daten kann eine session expiration-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-01T06:44:33.095Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-252186 | Totolink N200RE V5 cstecgi.cgi session expiration",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.252186"
            },
            {
              "name": "VDB-252186 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.252186"
            },
            {
              "name": "Submit #269679 | Totolink  N200RE_V5 V9.3.5u.6255_B20211224 Insufficient Session Expiration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.269679"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "https://youtu.be/b0tU2CiLbnU"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-26T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2024-01-26T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-01T08:46:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Totolink N200RE V5 cstecgi.cgi session expiration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-0942",
        "datePublished": "2024-01-26T19:31:04.140Z",
        "dateReserved": "2024-01-26T12:37:34.646Z",
        "dateUpdated": "2024-08-23T19:03:14.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4746 (GCVE-0-2023-4746)

    Vulnerability from cvelistv5 – Published: 2023-09-04 00:00 – Updated: 2024-08-02 07:37
    VLAI
    Title
    TOTOLINK N200RE V5 Validity_check format string
    Summary
    A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.238635 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.238635 signaturepermissions-required
    https://gist.github.com/dmknght/8f3b6aa65e9d08f45… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK N200RE V5 Affected: 9.3.5u.6437_B20230519
    Create a notification for this product.
    Credits
    dmknght (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:37:59.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.238635"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.238635"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "N200RE V5",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6437_B20230519"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "dmknght (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK N200RE V5 9.3.5u.6437_B20230519 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft die Funktion Validity_check. Dank Manipulation mit unbekannten Daten kann eine format string-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "CWE-134 Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:21:51.555Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.238635"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.238635"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-09-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-09-03T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-09-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-09-29T20:39:20.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK N200RE V5 Validity_check format string"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-4746",
        "datePublished": "2023-09-04T00:00:13.761Z",
        "dateReserved": "2023-09-03T06:48:52.219Z",
        "dateUpdated": "2024-08-02T07:37:59.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }