Search criteria
12 vulnerabilities found for cp450 by totolink
VAR-202405-4052
Vulnerability from variot - Updated: 2025-07-17 23:20TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. TOTOLINK CP450 is an outdoor wireless client terminal device produced by China Jiweng Electronics Co., Ltd., mainly used for wireless broadband access services in rural and remote areas. The vulnerability is caused by the setLanguageCfg method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-4052",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450 4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15733"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021613"
},
{
"db": "NVD",
"id": "CVE-2024-34203"
}
]
},
"cve": "CVE-2024-34203",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CNVD-2025-15733",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2024-34203",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 3.8,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-021613",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34203",
"trust": 1.0,
"value": "LOW"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021613",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2025-15733",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15733"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021613"
},
{
"db": "NVD",
"id": "CVE-2024-34203"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. TOTOLINK CP450 is an outdoor wireless client terminal device produced by China Jiweng Electronics Co., Ltd., mainly used for wireless broadband access services in rural and remote areas. The vulnerability is caused by the setLanguageCfg method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34203"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021613"
},
{
"db": "CNVD",
"id": "CNVD-2025-15733"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34203",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021613",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-15733",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15733"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021613"
},
{
"db": "NVD",
"id": "CVE-2024-34203"
}
]
},
"id": "VAR-202405-4052",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15733"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15733"
}
]
},
"last_update_date": "2025-07-17T23:20:51.949000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK CP450 Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706256"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021613"
},
{
"db": "NVD",
"id": "CVE-2024-34203"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/n0wstr/iotvuln/tree/main/cp450/setlanguagecfg"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34203"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15733"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021613"
},
{
"db": "NVD",
"id": "CVE-2024-34203"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15733"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021613"
},
{
"db": "NVD",
"id": "CVE-2024-34203"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15733"
},
{
"date": "2025-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021613"
},
{
"date": "2024-05-14T15:38:33.450000",
"db": "NVD",
"id": "CVE-2024-34203"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15733"
},
{
"date": "2025-04-08T08:05:00",
"db": "JVNDB",
"id": "JVNDB-2024-021613"
},
{
"date": "2025-04-03T16:39:16.610000",
"db": "NVD",
"id": "CVE-2024-34203"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021613"
}
],
"trust": 0.8
}
}
VAR-202405-4040
Vulnerability from variot - Updated: 2025-07-09 23:13TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. TOTOLINK of cp450 An out-of-bounds read vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China's TOTOLINK Electronics Co., Ltd., mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the setIpQosRules method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-4040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cpe cp450 v4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021614"
},
{
"db": "NVD",
"id": "CVE-2024-34200"
}
]
},
"cve": "CVE-2024-34200",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-15262",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-34200",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-021614",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34200",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021614",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-15262",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021614"
},
{
"db": "NVD",
"id": "CVE-2024-34200"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. TOTOLINK of cp450 An out-of-bounds read vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China\u0027s TOTOLINK Electronics Co., Ltd., mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the setIpQosRules method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34200"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021614"
},
{
"db": "CNVD",
"id": "CNVD-2025-15262"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34200",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021614",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-15262",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021614"
},
{
"db": "NVD",
"id": "CVE-2024-34200"
}
]
},
"id": "VAR-202405-4040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15262"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15262"
}
]
},
"last_update_date": "2025-07-09T23:13:42.076000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK CPE CP450 setIpQosRules method buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/705806"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021614"
},
{
"db": "NVD",
"id": "CVE-2024-34200"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/n0wstr/iotvuln/tree/main/cp450/setipqosrules"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34200"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021614"
},
{
"db": "NVD",
"id": "CVE-2024-34200"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021614"
},
{
"db": "NVD",
"id": "CVE-2024-34200"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15262"
},
{
"date": "2025-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021614"
},
{
"date": "2024-05-14T15:38:33.103000",
"db": "NVD",
"id": "CVE-2024-34200"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15262"
},
{
"date": "2025-04-08T08:05:00",
"db": "JVNDB",
"id": "JVNDB-2024-021614"
},
{
"date": "2025-04-03T16:39:33.180000",
"db": "NVD",
"id": "CVE-2024-34200"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021614"
}
],
"trust": 0.8
}
}
VAR-202405-4039
Vulnerability from variot - Updated: 2025-07-09 22:54TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. TOTOLINK CP450 is an outdoor wireless client terminal device produced by China's TOTOLINK Electronics Co., Ltd. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the setMacFilterRules method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-4039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450 4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15263"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021386"
},
{
"db": "NVD",
"id": "CVE-2024-34202"
}
]
},
"cve": "CVE-2024-34202",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-15263",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2024-34202",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-021386",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34202",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021386",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-15263",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15263"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021386"
},
{
"db": "NVD",
"id": "CVE-2024-34202"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. TOTOLINK CP450 is an outdoor wireless client terminal device produced by China\u0027s TOTOLINK Electronics Co., Ltd. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the setMacFilterRules method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34202"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021386"
},
{
"db": "CNVD",
"id": "CNVD-2025-15263"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34202",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021386",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-15263",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15263"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021386"
},
{
"db": "NVD",
"id": "CVE-2024-34202"
}
]
},
"id": "VAR-202405-4039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15263"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15263"
}
]
},
"last_update_date": "2025-07-09T22:54:04.030000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK CP450 setMacFilterRules method buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/705811"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15263"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021386"
},
{
"db": "NVD",
"id": "CVE-2024-34202"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/n0wstr/iotvuln/tree/main/cp450/setmacfilterrules"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34202"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15263"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021386"
},
{
"db": "NVD",
"id": "CVE-2024-34202"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15263"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021386"
},
{
"db": "NVD",
"id": "CVE-2024-34202"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15263"
},
{
"date": "2025-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021386"
},
{
"date": "2024-05-14T15:38:33.323000",
"db": "NVD",
"id": "CVE-2024-34202"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15263"
},
{
"date": "2025-04-04T02:59:00",
"db": "JVNDB",
"id": "JVNDB-2024-021386"
},
{
"date": "2025-04-03T16:39:21.730000",
"db": "NVD",
"id": "CVE-2024-34202"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021386"
}
],
"trust": 0.8
}
}
VAR-202408-0177
Vulnerability from variot - Updated: 2025-06-29 23:02A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of cp450 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge device manufactured by China's Jiweng Electronics (TOTOLINK) company. No detailed vulnerability details are currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202408-0177",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450 4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13897"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005133"
},
{
"db": "NVD",
"id": "CVE-2024-7332"
}
]
},
"cve": "CVE-2024-7332",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2024-7332",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "OTHER",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2024-005133",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-13897",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-7332",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-005133",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2024-7332",
"trust": 1.0,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-7332",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2024-005133",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2025-13897",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13897"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005133"
},
{
"db": "NVD",
"id": "CVE-2024-7332"
},
{
"db": "NVD",
"id": "CVE-2024-7332"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of cp450 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge device manufactured by China\u0027s Jiweng Electronics (TOTOLINK) company. No detailed vulnerability details are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-7332"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005133"
},
{
"db": "CNVD",
"id": "CNVD-2025-13897"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-7332",
"trust": 3.2
},
{
"db": "VULDB",
"id": "273255",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005133",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-13897",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13897"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005133"
},
{
"db": "NVD",
"id": "CVE-2024-7332"
}
]
},
"id": "VAR-202408-0177",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13897"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13897"
}
]
},
"last_update_date": "2025-06-29T23:02:45.111000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-259",
"trust": 1.0
},
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-005133"
},
{
"db": "NVD",
"id": "CVE-2024-7332"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/cp450/product.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.378357"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-7332"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.273255"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?id.273255"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13897"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005133"
},
{
"db": "NVD",
"id": "CVE-2024-7332"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-13897"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005133"
},
{
"db": "NVD",
"id": "CVE-2024-7332"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13897"
},
{
"date": "2024-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-005133"
},
{
"date": "2024-08-01T01:15:09.663000",
"db": "NVD",
"id": "CVE-2024-7332"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13897"
},
{
"date": "2024-08-13T01:39:00",
"db": "JVNDB",
"id": "JVNDB-2024-005133"
},
{
"date": "2024-08-09T13:55:52.587000",
"db": "NVD",
"id": "CVE-2024-7332"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 Vulnerability related to use of hardcoded credentials in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-005133"
}
],
"trust": 0.8
}
}
VAR-202408-0035
Vulnerability from variot - Updated: 2025-06-19 23:21A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of cp450 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ‌ TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics.
TOTOLINK CP450 has a buffer overflow vulnerability, which is related to the improper processing of the parameter http_hos by the loginauth function of the file /cgi-bin/cstecgi.cgi. Attackers can exploit this vulnerability to cause the device to crash, execute arbitrary code, gain control of the device, and even further attack the network environment where the device is located
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202408-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450 4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12712"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005610"
},
{
"db": "NVD",
"id": "CVE-2024-7465"
}
]
},
"cve": "CVE-2024-7465",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2024-7465",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2024-005610",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-12712",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-7465",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-7465",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-005610",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2024-7465",
"trust": 1.0,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-7465",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2024-005610",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2025-12712",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12712"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005610"
},
{
"db": "NVD",
"id": "CVE-2024-7465"
},
{
"db": "NVD",
"id": "CVE-2024-7465"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of cp450 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \u200c TOTOLINK CP450 is a wireless bridge produced by China\u0027s TOTOLINK Electronics. \n\nTOTOLINK CP450 has a buffer overflow vulnerability, which is related to the improper processing of the parameter http_hos by the loginauth function of the file /cgi-bin/cstecgi.cgi. Attackers can exploit this vulnerability to cause the device to crash, execute arbitrary code, gain control of the device, and even further attack the network environment where the device is located",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-7465"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005610"
},
{
"db": "CNVD",
"id": "CNVD-2025-12712"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-7465",
"trust": 3.2
},
{
"db": "VULDB",
"id": "273558",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005610",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12712",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12712"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005610"
},
{
"db": "NVD",
"id": "CVE-2024-7465"
}
]
},
"id": "VAR-202408-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12712"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12712"
}
]
},
"last_update_date": "2025-06-19T23:21:41.032000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-005610"
},
{
"db": "NVD",
"id": "CVE-2024-7465"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/cp450/loginauth.md"
},
{
"trust": 2.4,
"url": "https://vuldb.com/?submit.381340"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.273558"
},
{
"trust": 1.6,
"url": "https://vuldb.com/?ctiid.273558"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-7465"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12712"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005610"
},
{
"db": "NVD",
"id": "CVE-2024-7465"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12712"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005610"
},
{
"db": "NVD",
"id": "CVE-2024-7465"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12712"
},
{
"date": "2024-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-005610"
},
{
"date": "2024-08-05T02:16:03.840000",
"db": "NVD",
"id": "CVE-2024-7465"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12712"
},
{
"date": "2024-08-19T02:01:00",
"db": "JVNDB",
"id": "JVNDB-2024-005610"
},
{
"date": "2024-08-15T13:11:59.413000",
"db": "NVD",
"id": "CVE-2024-7465"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-005610"
}
],
"trust": 0.8
}
}
VAR-202405-4008
Vulnerability from variot - Updated: 2025-06-15 23:45TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. TOTOLINK of cp450 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics.
TOTOLINK CP450 has a command injection vulnerability, which is caused by the download_firmware method failing to properly filter special characters and commands in constructing commands. No detailed vulnerability details are currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-4008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450 4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12181"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-022054"
},
{
"db": "NVD",
"id": "CVE-2024-34205"
}
]
},
"cve": "CVE-2024-34205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-12181",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2024-34205",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-022054",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34205",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-022054",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12181",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12181"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-022054"
},
{
"db": "NVD",
"id": "CVE-2024-34205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. TOTOLINK of cp450 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China\u0027s TOTOLINK Electronics. \n\nTOTOLINK CP450 has a command injection vulnerability, which is caused by the download_firmware method failing to properly filter special characters and commands in constructing commands. No detailed vulnerability details are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34205"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-022054"
},
{
"db": "CNVD",
"id": "CNVD-2025-12181"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34205",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-022054",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12181",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12181"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-022054"
},
{
"db": "NVD",
"id": "CVE-2024-34205"
}
]
},
"id": "VAR-202405-4008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12181"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12181"
}
]
},
"last_update_date": "2025-06-15T23:45:51.609000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK CP450 download_firmware method command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/695896"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12181"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-022054"
},
{
"db": "NVD",
"id": "CVE-2024-34205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/n0wstr/iotvuln/tree/main/cp450/download_firmware"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34205"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12181"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-022054"
},
{
"db": "NVD",
"id": "CVE-2024-34205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12181"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-022054"
},
{
"db": "NVD",
"id": "CVE-2024-34205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12181"
},
{
"date": "2025-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-022054"
},
{
"date": "2024-05-14T15:38:33.927000",
"db": "NVD",
"id": "CVE-2024-34205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12181"
},
{
"date": "2025-04-14T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2024-022054"
},
{
"date": "2025-04-09T14:19:54.057000",
"db": "NVD",
"id": "CVE-2024-34205"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-022054"
}
],
"trust": 0.8
}
}
VAR-202405-3995
Vulnerability from variot - Updated: 2025-06-15 23:40TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. TOTOLINK of cp450 Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China's Jiweng Electronics (TOTOLINK) Company. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the hostTime parameter of the NTPSyncWithHost method failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-3995",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cpe cp450 v4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12183"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021518"
},
{
"db": "NVD",
"id": "CVE-2024-34218"
}
]
},
"cve": "CVE-2024-34218",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.4,
"id": "CNVD-2025-12183",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2024-34218",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 3.8,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-021518",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34218",
"trust": 1.0,
"value": "LOW"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021518",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2025-12183",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12183"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021518"
},
{
"db": "NVD",
"id": "CVE-2024-34218"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. TOTOLINK of cp450 Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China\u0027s Jiweng Electronics (TOTOLINK) Company. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the hostTime parameter of the NTPSyncWithHost method failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34218"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021518"
},
{
"db": "CNVD",
"id": "CNVD-2025-12183"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34218",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021518",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12183",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12183"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021518"
},
{
"db": "NVD",
"id": "CVE-2024-34218"
}
]
},
"id": "VAR-202405-3995",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12183"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12183"
}
]
},
"last_update_date": "2025-06-15T23:40:54.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK CPE CP450 NTPSyncWithHost method command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/695906"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12183"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021518"
},
{
"db": "NVD",
"id": "CVE-2024-34218"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/n0wstr/iotvuln/tree/main/cp450/ntpsyncwithhost"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34218"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12183"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021518"
},
{
"db": "NVD",
"id": "CVE-2024-34218"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12183"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021518"
},
{
"db": "NVD",
"id": "CVE-2024-34218"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12183"
},
{
"date": "2025-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021518"
},
{
"date": "2024-05-14T15:38:35.720000",
"db": "NVD",
"id": "CVE-2024-34218"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12183"
},
{
"date": "2025-04-07T07:14:00",
"db": "JVNDB",
"id": "JVNDB-2024-021518"
},
{
"date": "2025-04-04T14:47:14.257000",
"db": "NVD",
"id": "CVE-2024-34218"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021518"
}
],
"trust": 0.8
}
}
VAR-202405-4016
Vulnerability from variot - Updated: 2025-06-15 23:40TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. TOTOLINK of cp450 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China's Jiweng Electronics (TOTOLINK) Company. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-4016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cpe cp450 v4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12180"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021764"
},
{
"db": "NVD",
"id": "CVE-2024-34210"
}
]
},
"cve": "CVE-2024-34210",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-12180",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2024-34210",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-021764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34210",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021764",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12180",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12180"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021764"
},
{
"db": "NVD",
"id": "CVE-2024-34210"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. TOTOLINK of cp450 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China\u0027s Jiweng Electronics (TOTOLINK) Company. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34210"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021764"
},
{
"db": "CNVD",
"id": "CNVD-2025-12180"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34210",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021764",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12180",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12180"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021764"
},
{
"db": "NVD",
"id": "CVE-2024-34210"
}
]
},
"id": "VAR-202405-4016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12180"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12180"
}
]
},
"last_update_date": "2025-06-15T23:40:54.261000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK CPE CP450 CloudACMunualUpdate method command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/695886"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021764"
},
{
"db": "NVD",
"id": "CVE-2024-34210"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/n0wstr/iotvuln/tree/main/cp450/cloudacmunualupdate_injection"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34210"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12180"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021764"
},
{
"db": "NVD",
"id": "CVE-2024-34210"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12180"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021764"
},
{
"db": "NVD",
"id": "CVE-2024-34210"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12180"
},
{
"date": "2025-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021764"
},
{
"date": "2024-05-14T15:38:34.720000",
"db": "NVD",
"id": "CVE-2024-34210"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12180"
},
{
"date": "2025-04-10T02:22:00",
"db": "JVNDB",
"id": "JVNDB-2024-021764"
},
{
"date": "2025-04-09T14:15:42.557000",
"db": "NVD",
"id": "CVE-2024-34210"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021764"
}
],
"trust": 0.8
}
}
VAR-202405-3990
Vulnerability from variot - Updated: 2025-06-15 23:36TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the CloudACMunualUpdate method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-3990",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450 4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12179"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021777"
},
{
"db": "NVD",
"id": "CVE-2024-34212"
}
]
},
"cve": "CVE-2024-34212",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-12179",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2024-34212",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-021777",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34212",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021777",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12179",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12179"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021777"
},
{
"db": "NVD",
"id": "CVE-2024-34212"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China\u0027s TOTOLINK Electronics. The vulnerability is caused by the CloudACMunualUpdate method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34212"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021777"
},
{
"db": "CNVD",
"id": "CNVD-2025-12179"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34212",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021777",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12179",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12179"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021777"
},
{
"db": "NVD",
"id": "CVE-2024-34212"
}
]
},
"id": "VAR-202405-3990",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12179"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12179"
}
]
},
"last_update_date": "2025-06-15T23:36:10.475000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK CP450 CloudACMunualUpdate method buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/695881"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12179"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021777"
},
{
"db": "NVD",
"id": "CVE-2024-34212"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/n0wstr/iotvuln/tree/main/cp450/cloudacmunualupdate_overflow"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34212"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12179"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021777"
},
{
"db": "NVD",
"id": "CVE-2024-34212"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12179"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021777"
},
{
"db": "NVD",
"id": "CVE-2024-34212"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12179"
},
{
"date": "2025-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021777"
},
{
"date": "2024-05-14T15:38:35",
"db": "NVD",
"id": "CVE-2024-34212"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12179"
},
{
"date": "2025-04-10T02:36:00",
"db": "JVNDB",
"id": "JVNDB-2024-021777"
},
{
"date": "2025-04-09T14:15:33.230000",
"db": "NVD",
"id": "CVE-2024-34212"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021777"
}
],
"trust": 0.8
}
}
VAR-202405-3996
Vulnerability from variot - Updated: 2025-06-15 23:30TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the getSaveConfig method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-3996",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450 4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12182"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021443"
},
{
"db": "NVD",
"id": "CVE-2024-34201"
}
]
},
"cve": "CVE-2024-34201",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-12182",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2024-34201",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-021443",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34201",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021443",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12182",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12182"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021443"
},
{
"db": "NVD",
"id": "CVE-2024-34201"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China\u0027s TOTOLINK Electronics. The vulnerability is caused by the getSaveConfig method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34201"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021443"
},
{
"db": "CNVD",
"id": "CNVD-2025-12182"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34201",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021443",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12182",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12182"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021443"
},
{
"db": "NVD",
"id": "CVE-2024-34201"
}
]
},
"id": "VAR-202405-3996",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12182"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12182"
}
]
},
"last_update_date": "2025-06-15T23:30:20.019000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK CP450 getSaveConfig method buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/695901"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12182"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021443"
},
{
"db": "NVD",
"id": "CVE-2024-34201"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/n0wstr/iotvuln/tree/main/cp450/getsaveconfig"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34201"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12182"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021443"
},
{
"db": "NVD",
"id": "CVE-2024-34201"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12182"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021443"
},
{
"db": "NVD",
"id": "CVE-2024-34201"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12182"
},
{
"date": "2025-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021443"
},
{
"date": "2024-05-14T15:38:33.213000",
"db": "NVD",
"id": "CVE-2024-34201"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12182"
},
{
"date": "2025-04-04T06:12:00",
"db": "JVNDB",
"id": "JVNDB-2024-021443"
},
{
"date": "2025-04-03T16:39:26.340000",
"db": "NVD",
"id": "CVE-2024-34201"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021443"
}
],
"trust": 0.8
}
}
VAR-202405-4059
Vulnerability from variot - Updated: 2025-06-15 23:30TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the addWlProfileClientMode method failing to properly verify the length of the input data. No detailed vulnerability details are currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-4059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450 4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12178"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021921"
},
{
"db": "NVD",
"id": "CVE-2024-34217"
}
]
},
"cve": "CVE-2024-34217",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2025-12178",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2024-34217",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 7.7,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-021921",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34217",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021921",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12178",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12178"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021921"
},
{
"db": "NVD",
"id": "CVE-2024-34217"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China\u0027s TOTOLINK Electronics. The vulnerability is caused by the addWlProfileClientMode method failing to properly verify the length of the input data. No detailed vulnerability details are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34217"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021921"
},
{
"db": "CNVD",
"id": "CNVD-2025-12178"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34217",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021921",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12178",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12178"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021921"
},
{
"db": "NVD",
"id": "CVE-2024-34217"
}
]
},
"id": "VAR-202405-4059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12178"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12178"
}
]
},
"last_update_date": "2025-06-15T23:30:19.996000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK CP450 addWlProfileClientMode method buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/695876"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021921"
},
{
"db": "NVD",
"id": "CVE-2024-34217"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/n0wstr/iotvuln/tree/main/cp450/addwlprofileclientmode"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34217"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12178"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021921"
},
{
"db": "NVD",
"id": "CVE-2024-34217"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12178"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021921"
},
{
"db": "NVD",
"id": "CVE-2024-34217"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12178"
},
{
"date": "2025-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021921"
},
{
"date": "2024-05-14T15:38:35.587000",
"db": "NVD",
"id": "CVE-2024-34217"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12178"
},
{
"date": "2025-04-11T08:51:00",
"db": "JVNDB",
"id": "JVNDB-2024-021921"
},
{
"date": "2025-04-09T14:15:10.640000",
"db": "NVD",
"id": "CVE-2024-34217"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021921"
}
],
"trust": 0.8
}
}
VAR-202405-4002
Vulnerability from variot - Updated: 2025-06-15 23:16TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the setIpPortFilterRules method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-4002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp450",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.0cu.747_b20191224"
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "cp450 firmware 4.1.0cu.747 b20191224"
},
{
"model": "cp450",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "cp450 4.1.0cu.747 b20191224",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12184"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021923"
},
{
"db": "NVD",
"id": "CVE-2024-34209"
}
]
},
"cve": "CVE-2024-34209",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-12184",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-34209",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-021923",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34209",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021923",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2025-12184",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12184"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021923"
},
{
"db": "NVD",
"id": "CVE-2024-34209"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China\u0027s TOTOLINK Electronics. The vulnerability is caused by the setIpPortFilterRules method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34209"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021923"
},
{
"db": "CNVD",
"id": "CNVD-2025-12184"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34209",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021923",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12184",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12184"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021923"
},
{
"db": "NVD",
"id": "CVE-2024-34209"
}
]
},
"id": "VAR-202405-4002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12184"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12184"
}
]
},
"last_update_date": "2025-06-15T23:16:48.806000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK CP450 setIpPortFilterRules method buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/695916"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12184"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021923"
},
{
"db": "NVD",
"id": "CVE-2024-34209"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/n0wstr/iotvuln/tree/main/cp450/setipportfilterrules"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34209"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12184"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021923"
},
{
"db": "NVD",
"id": "CVE-2024-34209"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12184"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021923"
},
{
"db": "NVD",
"id": "CVE-2024-34209"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12184"
},
{
"date": "2025-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021923"
},
{
"date": "2024-05-14T15:38:34.560000",
"db": "NVD",
"id": "CVE-2024-34209"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12184"
},
{
"date": "2025-04-11T08:51:00",
"db": "JVNDB",
"id": "JVNDB-2024-021923"
},
{
"date": "2025-04-09T14:15:47.630000",
"db": "NVD",
"id": "CVE-2024-34209"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0cp450\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021923"
}
],
"trust": 0.8
}
}