Details of VAR-202404-1754

ID

VAR-202404-1754

CVE

CVE-2024-32325

TITLE

TOTOLINK of EX200 Cross-site scripting vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-023803

DESCRIPTION

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless N range extender released by China-based Jiong Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. This vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the ssid parameter of the setWiFiExtenderConfig method. Detailed vulnerability details are currently unavailable

Trust: 2.16

sources: NVD: CVE-2024-32325 // JVNDB: JVNDB-2024-023803 // CNVD: CNVD-2025-17470

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17470

AFFECTED PRODUCTS

vendor:	totolink	model:	ex200	scope:	eq	version:	4.0.3c.7646_b20201211	Trust: 1.0
vendor:	totolink	model:	ex200	scope:	eq	version:	ex200 firmware 4.0.3c.7646 b20201211	Trust: 0.8
vendor:	totolink	model:	ex200	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	ex200	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	ex200 v4.0.3c.7646 b20201211	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-17470 // JVNDB: JVNDB-2024-023803 // NVD: CVE-2024-32325

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-32325
value:	LOW
Trust: 1.0
OTHER:	JVNDB-2024-023803
value:	LOW
Trust: 0.8
CNVD:	CNVD-2025-17470
value:	LOW
Trust: 0.6

CNVD:	CNVD-2025-17470
severity:	LOW
baseScore:	3.3
vectorString:	AV:N/AC:L/AU:M/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-32325
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-023803
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17470 // JVNDB: JVNDB-2024-023803 // NVD: CVE-2024-32325

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-023803 // NVD: CVE-2024-32325

PATCH

title:

Patch for TOTOLINK EX200 setWiFiExtenderConfig method ssid parameter cross-site scripting vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/715086

Trust: 0.6

sources: CNVD: CNVD-2025-17470

EXTERNAL IDS

db:	NVD	id:	CVE-2024-32325	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-023803	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17470	Trust: 0.6

sources: CNVD: CNVD-2025-17470 // JVNDB: JVNDB-2024-023803 // NVD: CVE-2024-32325

REFERENCES

url:	https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/xss_ssid/readme.md	Trust: 1.8
url:	https://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/144.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-32325	Trust: 1.4

sources: CNVD: CNVD-2025-17470 // JVNDB: JVNDB-2024-023803 // NVD: CVE-2024-32325

SOURCES

db:	CNVD	id:	CNVD-2025-17470
db:	JVNDB	id:	JVNDB-2024-023803
db:	NVD	id:	CVE-2024-32325

LAST UPDATE DATE

2025-08-06T23:20:59.448000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17470	date:	2025-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2024-023803	date:	2025-05-14T12:42:00
db:	NVD	id:	CVE-2024-32325	date:	2025-05-13T00:53:54.647

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17470	date:	2025-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2024-023803	date:	2025-05-14T00:00:00
db:	NVD	id:	CVE-2024-32325	date:	2024-04-18T17:15:48.740