Details of VAR-202401-0464

ID

VAR-202401-0464

CVE

CVE-2024-0572

TITLE

TOTOLINK of lr1200gb Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-001430

DESCRIPTION

A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of lr1200gb A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router released by China's TOTOLINK Electronics. It supports both 2.4GHz and 5GHz bands. This vulnerability stems from the failure to properly validate the length of the input data in the setOpModeCfg function in the /cgi-bin/cstecgi.cgi file. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-0572 // JVNDB: JVNDB-2024-001430 // CNVD: CNVD-2025-17968

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17968

AFFECTED PRODUCTS

vendor:	totolink	model:	lr1200gb	scope:	eq	version:	9.1.0u.6619_b20230130	Trust: 1.0
vendor:	totolink	model:	lr1200gb	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	lr1200gb	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	lr1200gb	scope:	eq	version:	lr1200gb firmware 9.1.0u.6619 b20230130	Trust: 0.8
vendor:	totolink	model:	lr1200gb 9.1.0u.6619 b20230130	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-17968 // JVNDB: JVNDB-2024-001430 // NVD: CVE-2024-0572

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-0572
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-0572
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2024-0572
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-17968
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-0572
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-17968
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-0572
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-0572
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-0572
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17968 // JVNDB: JVNDB-2024-001430 // NVD: CVE-2024-0572 // NVD: CVE-2024-0572

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-001430 // NVD: CVE-2024-0572

PATCH

title:

Patch for TOTOLINK LR1200GB setOpModeCfg function buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/717096

Trust: 0.6

sources: CNVD: CNVD-2025-17968

EXTERNAL IDS

db:	NVD	id:	CVE-2024-0572	Trust: 3.2
db:	VULDB	id:	250788	Trust: 1.6
db:	JVNDB	id:	JVNDB-2024-001430	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17968	Trust: 0.6

sources: CNVD: CNVD-2025-17968 // JVNDB: JVNDB-2024-001430 // NVD: CVE-2024-0572

REFERENCES

url:	https://vuldb.com/?id.250788	Trust: 1.6
url:	https://github.com/jylsec/vuldb/blob/main/totolink/lr1200gb/2/readme.md	Trust: 1.0
url:	https://vuldb.com/?ctiid.250788	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-0572	Trust: 0.8

sources: CNVD: CNVD-2025-17968 // JVNDB: JVNDB-2024-001430 // NVD: CVE-2024-0572

SOURCES

db:	CNVD	id:	CNVD-2025-17968
db:	JVNDB	id:	JVNDB-2024-001430
db:	NVD	id:	CVE-2024-0572

LAST UPDATE DATE

2025-08-10T23:31:56.327000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17968	date:	2025-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2024-001430	date:	2024-02-05T04:39:00
db:	NVD	id:	CVE-2024-0572	date:	2024-05-17T02:34:47.253

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17968	date:	2025-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2024-001430	date:	2024-02-05T00:00:00
db:	NVD	id:	CVE-2024-0572	date:	2024-01-16T14:15:49.227