Details of VAR-202401-1183

ID

VAR-202401-1183

CVE

CVE-2024-0998

TITLE

TOTOLINK of N200RE Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-002083

DESCRIPTION

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of N200RE A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N200RE is a wireless router designed for the SOHO market. The TOTOLINK N200RE suffers from a buffer overflow vulnerability. Detailed vulnerability details are not available at this time

Trust: 2.16

sources: NVD: CVE-2024-0998 // JVNDB: JVNDB-2024-002083 // CNVD: CNVD-2025-21039

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-21039

AFFECTED PRODUCTS

vendor:	totolink	model:	n200re	scope:	eq	version:	9.3.5u.6139_b20201216	Trust: 1.0
vendor:	totolink	model:	n200re	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	n200re	scope:	eq	version:	n200re firmware 9.3.5u.6139 b20201216	Trust: 0.8
vendor:	totolink	model:	n200re	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	n200re 9.3.5u.6139 b20201216	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-21039 // JVNDB: JVNDB-2024-002083 // NVD: CVE-2024-0998

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-0998
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-0998
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-0998
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-21039
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-0998
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-21039
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-0998
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-0998
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-0998
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-21039 // JVNDB: JVNDB-2024-002083 // NVD: CVE-2024-0998 // NVD: CVE-2024-0998

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-002083 // NVD: CVE-2024-0998

PATCH

title:

Patch for TOTOLINK N200RE /cgi-bin/cstecgi.cgi buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/729711

Trust: 0.6

sources: CNVD: CNVD-2025-21039

EXTERNAL IDS

db:	NVD	id:	CVE-2024-0998	Trust: 3.2
db:	VULDB	id:	252267	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-002083	Trust: 0.8
db:	CNVD	id:	CNVD-2025-21039	Trust: 0.6

sources: CNVD: CNVD-2025-21039 // JVNDB: JVNDB-2024-002083 // NVD: CVE-2024-0998

REFERENCES

url:	https://jylsec.notion.site/totolink-n200re-has-stack-buffer-overflow-vulnerability-in-setdiagnosiscfg-b2d36451543e4c6da063646721a24604?pvs=4	Trust: 1.8
url:	https://vuldb.com/?ctiid.252267	Trust: 1.8
url:	https://vuldb.com/?id.252267	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-0998	Trust: 1.4

sources: CNVD: CNVD-2025-21039 // JVNDB: JVNDB-2024-002083 // NVD: CVE-2024-0998

SOURCES

db:	CNVD	id:	CNVD-2025-21039
db:	JVNDB	id:	JVNDB-2024-002083
db:	NVD	id:	CVE-2024-0998

LAST UPDATE DATE

2025-09-12T23:44:34.419000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-21039	date:	2025-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2024-002083	date:	2024-02-07T06:16:00
db:	NVD	id:	CVE-2024-0998	date:	2024-05-17T02:35:08.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-21039	date:	2025-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2024-002083	date:	2024-02-07T00:00:00
db:	NVD	id:	CVE-2024-0998	date:	2024-01-29T13:15:08.470