Details of VAR-202401-1037

ID

VAR-202401-1037

CVE

CVE-2024-0944

TITLE

TOTOLINK of T8 Firmware Session Expiration Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-001934

DESCRIPTION

A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of T8 A session expiration vulnerability exists in firmware.Information may be obtained. TOTOLINK T8 is a wireless dual-band router launched by China Jiong Electronics Co., Ltd., which supports Gigabit network. TOTOLINK T8 has a code problem vulnerability, which originates from some unknown functions of the file /cgi-bin/cstecgi.cgi. No detailed vulnerability details are provided at present

Trust: 2.16

sources: NVD: CVE-2024-0944 // JVNDB: JVNDB-2024-001934 // CNVD: CNVD-2025-15325

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15325

AFFECTED PRODUCTS

vendor:	totolink	model:	t8	scope:	eq	version:	4.1.5cu.833_20220905	Trust: 1.0
vendor:	totolink	model:	t8	scope:	eq	version:	t8 firmware 4.1.5cu.833 20220905	Trust: 0.8
vendor:	totolink	model:	t8	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	t8	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t8 4.1.5cu.833 20220905	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-15325 // JVNDB: JVNDB-2024-001934 // NVD: CVE-2024-0944

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-0944
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2024-0944
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-0944
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-15325
value:	LOW
Trust: 0.6

cna@vuldb.com:	CVE-2024-0944
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-15325
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-0944
baseSeverity:	LOW
baseScore:	3.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-0944
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2024-0944
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-15325 // JVNDB: JVNDB-2024-001934 // NVD: CVE-2024-0944 // NVD: CVE-2024-0944

PROBLEMTYPE DATA

problemtype:	CWE-613	Trust: 1.0
problemtype:	Inappropriate session deadline (CWE-613) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-001934 // NVD: CVE-2024-0944

EXTERNAL IDS

db:	NVD	id:	CVE-2024-0944	Trust: 3.2
db:	VULDB	id:	252188	Trust: 1.6
db:	JVNDB	id:	JVNDB-2024-001934	Trust: 0.8
db:	CNVD	id:	CNVD-2025-15325	Trust: 0.6

sources: CNVD: CNVD-2025-15325 // JVNDB: JVNDB-2024-001934 // NVD: CVE-2024-0944

REFERENCES

url:	https://drive.google.com/file/d/1ypissnxm5cwslkfgs9w5k5mtnugiijvo/view?usp=sharing	Trust: 1.8
url:	https://vuldb.com/?id.252188	Trust: 1.6
url:	https://vuldb.com/?ctiid.252188	Trust: 1.0
url:	https://vuldb.com/?submit.269681	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-0944	Trust: 0.8

sources: CNVD: CNVD-2025-15325 // JVNDB: JVNDB-2024-001934 // NVD: CVE-2024-0944

SOURCES

db:	CNVD	id:	CNVD-2025-15325
db:	JVNDB	id:	JVNDB-2024-001934
db:	NVD	id:	CVE-2024-0944

LAST UPDATE DATE

2025-07-10T22:48:31.317000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15325	date:	2025-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2024-001934	date:	2024-02-07T02:41:00
db:	NVD	id:	CVE-2024-0944	date:	2024-05-17T02:35:05.563

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15325	date:	2025-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2024-001934	date:	2024-02-07T00:00:00
db:	NVD	id:	CVE-2024-0944	date:	2024-01-26T20:15:54.863