Details of VAR-202404-1011

ID

VAR-202404-1011

CVE

CVE-2024-32335

TITLE

TOTOLINK of N300RT Cross-site scripting vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021387

DESCRIPTION

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. TOTOLINK of N300RT Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. The TOTOLINK N300RT is a wireless router designed primarily for home and small business users. An attacker could exploit this vulnerability by injecting a specially crafted payload to execute arbitrary web script or HTML

Trust: 2.16

sources: NVD: CVE-2024-32335 // JVNDB: JVNDB-2024-021387 // CNVD: CNVD-2025-17516

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17516

AFFECTED PRODUCTS

vendor:	totolink	model:	n300rt	scope:	eq	version:	2.1.8-b20201030.1539	Trust: 1.0
vendor:	totolink	model:	n300rt	scope:	eq	version:	n300rt firmware 2.1.8-b20201030.1539	Trust: 0.8
vendor:	totolink	model:	n300rt	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	n300rt	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	n300rt v2.1.8-b20201030.1539	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-17516 // JVNDB: JVNDB-2024-021387 // NVD: CVE-2024-32335

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-32335
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-021387
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-17516
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-17516
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-32335
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-021387
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17516 // JVNDB: JVNDB-2024-021387 // NVD: CVE-2024-32335

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-021387 // NVD: CVE-2024-32335

PATCH

title:

Patch for TOTOLINK N300RT Access Control Function Cross-Site Scripting Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/714961

Trust: 0.6

sources: CNVD: CNVD-2025-17516

EXTERNAL IDS

db:	NVD	id:	CVE-2024-32335	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-021387	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17516	Trust: 0.6

sources: CNVD: CNVD-2025-17516 // JVNDB: JVNDB-2024-021387 // NVD: CVE-2024-32335

REFERENCES

url:	https://github.com/4hsien/cve-vulns/blob/main/totolink/n300rt/xss_2_access_control/readme.md	Trust: 1.8
url:	https://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/154.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-32335	Trust: 1.4

sources: CNVD: CNVD-2025-17516 // JVNDB: JVNDB-2024-021387 // NVD: CVE-2024-32335

SOURCES

db:	CNVD	id:	CNVD-2025-17516
db:	JVNDB	id:	JVNDB-2024-021387
db:	NVD	id:	CVE-2024-32335

LAST UPDATE DATE

2025-08-06T23:19:03.407000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17516	date:	2025-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2024-021387	date:	2025-04-04T02:59:00
db:	NVD	id:	CVE-2024-32335	date:	2025-04-03T15:39:29.987

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17516	date:	2025-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2024-021387	date:	2025-04-04T00:00:00
db:	NVD	id:	CVE-2024-32335	date:	2024-04-18T17:15:49.100