Details of VAR-202401-1088

ID

VAR-202401-1088

CVE

CVE-2024-0942

TITLE

TOTOLINK of N200RE_v5 Firmware Session Expiration Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-001936

DESCRIPTION

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK N200RE is a wireless broadband router that uses 11N wireless technology, supports up to 300Mbps wireless transmission rate, and is designed to meet the needs of home and small office networks. ‌ TOTOLINK N200RE has a code vulnerability, and no detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2024-0942 // JVNDB: JVNDB-2024-001936 // CNVD: CNVD-2025-15324

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15324

AFFECTED PRODUCTS

vendor:	totolink	model:	n200re-v5	scope:	eq	version:	9.3.5u.6255_b20211224	Trust: 1.0
vendor:	totolink	model:	n200re v5	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	n200re v5	scope:	eq	version:	n200re_v5 firmware 9.3.5u.6255 b20211224	Trust: 0.8
vendor:	totolink	model:	n200re v5	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	n200re 9.3.5u.6255 b20211224	scope:	eq	version:	v5	Trust: 0.6

sources: CNVD: CNVD-2025-15324 // JVNDB: JVNDB-2024-001936 // NVD: CVE-2024-0942

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-0942
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2024-0942
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-0942
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-15324
value:	LOW
Trust: 0.6

cna@vuldb.com:	CVE-2024-0942
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-15324
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-0942
baseSeverity:	LOW
baseScore:	3.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-0942
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2024-0942
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-15324 // JVNDB: JVNDB-2024-001936 // NVD: CVE-2024-0942 // NVD: CVE-2024-0942

PROBLEMTYPE DATA

problemtype:	CWE-613	Trust: 1.0
problemtype:	Inappropriate session deadline (CWE-613) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-001936 // NVD: CVE-2024-0942

EXTERNAL IDS

db:	NVD	id:	CVE-2024-0942	Trust: 3.2
db:	VULDB	id:	252186	Trust: 2.4
db:	JVNDB	id:	JVNDB-2024-001936	Trust: 0.8
db:	CNVD	id:	CNVD-2025-15324	Trust: 0.6

sources: CNVD: CNVD-2025-15324 // JVNDB: JVNDB-2024-001936 // NVD: CVE-2024-0942

REFERENCES

url:	https://vuldb.com/?id.252186	Trust: 2.4
url:	https://drive.google.com/file/d/1owagbmdthdiun1wsrah4znuzhouvtu4t/view?usp=sharing	Trust: 1.8
url:	https://youtu.be/b0tu2cilbnu	Trust: 1.8
url:	https://vuldb.com/?ctiid.252186	Trust: 1.0
url:	https://vuldb.com/?submit.269679	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-0942	Trust: 0.8

sources: CNVD: CNVD-2025-15324 // JVNDB: JVNDB-2024-001936 // NVD: CVE-2024-0942

SOURCES

db:	CNVD	id:	CNVD-2025-15324
db:	JVNDB	id:	JVNDB-2024-001936
db:	NVD	id:	CVE-2024-0942

LAST UPDATE DATE

2025-07-10T22:47:09.634000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15324	date:	2025-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2024-001936	date:	2024-02-07T02:41:00
db:	NVD	id:	CVE-2024-0942	date:	2024-05-17T02:35:05.337

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15324	date:	2025-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2024-001936	date:	2024-02-07T00:00:00
db:	NVD	id:	CVE-2024-0942	date:	2024-01-26T20:15:54.403