Sign-up

ID

VAR-202401-0463


CVE

CVE-2024-0575


TITLE

TOTOLINK  of  lr1200gb  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-001418

DESCRIPTION

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of lr1200gb A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK LR1200GB is a dual-band 4G LTE wireless router manufactured by TOTOLINK, a Chinese company. It supports both 2.4GHz and 5GHz dual-band networks and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. This vulnerability stems from the fact that the `command` parameter of the `setTracerouteCfg` function in the `/cgi-bin/cstecgi.cgi` file fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack

Trust: 2.16

sources: NVD: CVE-2024-0575 // JVNDB: JVNDB-2024-001418 // CNVD: CNVD-2025-30279

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-30279

AFFECTED PRODUCTS

vendor:totolinkmodel:lr1200gbscope:eqversion:9.1.0u.6619_b20230130

Trust: 1.0

vendor:totolinkmodel:lr1200gbscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:lr1200gbscope: - version: -

Trust: 0.8

vendor:totolinkmodel:lr1200gbscope:eqversion:lr1200gb firmware 9.1.0u.6619 b20230130

Trust: 0.8

vendor:totolinkmodel:lr1200gb 9.1.0u.6619 b20230130scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-30279 // JVNDB: JVNDB-2024-001418 // NVD: CVE-2024-0575

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-0575
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-0575
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-0575
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-30279
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2024-0575
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-30279
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-0575
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-0575
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-0575
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-30279 // JVNDB: JVNDB-2024-001418 // NVD: CVE-2024-0575 // NVD: CVE-2024-0575

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-001418 // NVD: CVE-2024-0575

PATCH

title:Patch for TOTOLINK LR1200GB setTracerouteCfg function stack buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/778421

Trust: 0.6

sources: CNVD: CNVD-2025-30279

EXTERNAL IDS

db:NVDid:CVE-2024-0575

Trust: 3.2

db:VULDBid:250791

Trust: 2.4

db:JVNDBid:JVNDB-2024-001418

Trust: 0.8

db:CNVDid:CNVD-2025-30279

Trust: 0.6

sources: CNVD: CNVD-2025-30279 // JVNDB: JVNDB-2024-001418 // NVD: CVE-2024-0575

REFERENCES

url:https://vuldb.com/?id.250791

Trust: 2.4

url:https://github.com/jylsec/vuldb/blob/main/totolink/lr1200gb/5/readme.md

Trust: 1.0

url:https://vuldb.com/?ctiid.250791

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-0575

Trust: 0.8

sources: CNVD: CNVD-2025-30279 // JVNDB: JVNDB-2024-001418 // NVD: CVE-2024-0575

SOURCES

db:CNVDid:CNVD-2025-30279
db:JVNDBid:JVNDB-2024-001418
db:NVDid:CVE-2024-0575

LAST UPDATE DATE

2025-12-19T22:57:05.173000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-30279date:2025-12-09T00:00:00
db:JVNDBid:JVNDB-2024-001418date:2024-02-05T03:12:00
db:NVDid:CVE-2024-0575date:2024-05-17T02:34:47.570

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-30279date:2025-12-08T00:00:00
db:JVNDBid:JVNDB-2024-001418date:2024-02-05T00:00:00
db:NVDid:CVE-2024-0575date:2024-01-16T15:15:09.327