Sign-up

ID

VAR-202401-0372


CVE

CVE-2024-0577


TITLE

TOTOLINK  of  lr1200gb  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-001419

DESCRIPTION

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250793 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of lr1200gb A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router released by China's TOTOLINK Electronics. It supports both 2.4GHz and 5GHz bands. The TOTOLINK LR1200GB suffers from a buffer overflow vulnerability. This vulnerability stems from the setLanguageCfg function in the /cgi-bin/cstecgi.cgi file failing to properly validate the length of the input data in the lang parameter. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-0577 // JVNDB: JVNDB-2024-001419 // CNVD: CNVD-2025-17967

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-17967

AFFECTED PRODUCTS

vendor:totolinkmodel:lr1200gbscope:eqversion:9.1.0u.6619_b20230130

Trust: 1.0

vendor:totolinkmodel:lr1200gbscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:lr1200gbscope: - version: -

Trust: 0.8

vendor:totolinkmodel:lr1200gbscope:eqversion:lr1200gb firmware 9.1.0u.6619 b20230130

Trust: 0.8

vendor:totolinkmodel:lr1200gb 9.1.0u.6619 b20230130scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-17967 // JVNDB: JVNDB-2024-001419 // NVD: CVE-2024-0577

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-0577
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-0577
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-0577
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-17967
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2024-0577
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-17967
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-0577
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-0577
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-0577
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-17967 // JVNDB: JVNDB-2024-001419 // NVD: CVE-2024-0577 // NVD: CVE-2024-0577

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-001419 // NVD: CVE-2024-0577

PATCH

title:Patch for TOTOLINK LR1200GB setLanguageCfg function buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/717091

Trust: 0.6

sources: CNVD: CNVD-2025-17967

EXTERNAL IDS

db:NVDid:CVE-2024-0577

Trust: 3.2

db:VULDBid:250793

Trust: 2.4

db:JVNDBid:JVNDB-2024-001419

Trust: 0.8

db:CNVDid:CNVD-2025-17967

Trust: 0.6

sources: CNVD: CNVD-2025-17967 // JVNDB: JVNDB-2024-001419 // NVD: CVE-2024-0577

REFERENCES

url:https://vuldb.com/?id.250793

Trust: 2.4

url:https://github.com/jylsec/vuldb/blob/main/totolink/lr1200gb/7/readme.md

Trust: 1.0

url:https://vuldb.com/?ctiid.250793

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-0577

Trust: 0.8

sources: CNVD: CNVD-2025-17967 // JVNDB: JVNDB-2024-001419 // NVD: CVE-2024-0577

SOURCES

db:CNVDid:CNVD-2025-17967
db:JVNDBid:JVNDB-2024-001419
db:NVDid:CVE-2024-0577

LAST UPDATE DATE

2025-08-10T23:27:57.688000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-17967date:2025-08-08T00:00:00
db:JVNDBid:JVNDB-2024-001419date:2024-02-05T03:26:00
db:NVDid:CVE-2024-0577date:2024-05-17T02:34:47.787

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-17967date:2025-08-08T00:00:00
db:JVNDBid:JVNDB-2024-001419date:2024-02-05T00:00:00
db:NVDid:CVE-2024-0577date:2024-01-16T16:15:14.787