ID

VAR-202404-2870


CVE

CVE-2024-31814


TITLE

TOTOLINK EX200 firmware vulnerability regarding authentication bypass using alternate paths or channels

Trust: 0.8

sources: JVNDB: JVNDB-2024-020822

DESCRIPTION

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. The TOTOLINK EX200 firmware contains an authentication bypass vulnerability using alternate paths or channels. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. Detailed vulnerability details are currently unavailable.

Trust: 2.16

sources: NVD: CVE-2024-31814 // JVNDB: JVNDB-2024-020822 // CNVD: CNVD-2025-17963

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-17963

AFFECTED PRODUCTS

vendor: totolink, model: ex200, scope: eq, version: 4.0.3c.7646_b20201211

Trust: 1.0

vendor: totolink, model: ex200, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: ex200, scope: -, version: -

Trust: 0.8

vendor: totolink, model: ex200, scope: eq, version: ex200 firmware 4.0.3c.7646 b20201211

Trust: 0.8

vendor: totolink, model: ex200 v4.0.3c.7646 b20201211, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-17963 // JVNDB: JVNDB-2024-020822 // NVD: CVE-2024-31814

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-31814
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-020822
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-17963
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-17963
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-31814
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020822
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-17963 // JVNDB: JVNDB-2024-020822 // NVD: CVE-2024-31814

PROBLEMTYPE DATA

problemtype:CWE-288

Trust: 1.0

problemtype:Authentication Bypass Using Alternate Paths or Channels (CWE-288) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020822 // NVD: CVE-2024-31814

PATCH

title: Patch for TOTOLINK EX200 has an unspecified vulnerability (CNVD-2025-17963)
url: https://www.cnvd.org.cn/patchInfo/show/717071

Trust: 0.6

sources: CNVD: CNVD-2025-17963

EXTERNAL IDS

db: NVD, id: CVE-2024-31814

Trust: 3.2

db: JVNDB, id: JVNDB-2024-020822

Trust: 0.8

db: CNVD, id: CNVD-2025-17963

Trust: 0.6

sources: CNVD: CNVD-2025-17963 // JVNDB: JVNDB-2024-020822 // NVD: CVE-2024-31814

REFERENCES

url:https://github.com/4hsien/cve-vulns/blob/main/totolink/ex200/login_bypass/bypass.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-31814

Trust: 0.8

sources: CNVD: CNVD-2025-17963 // JVNDB: JVNDB-2024-020822 // NVD: CVE-2024-31814

SOURCES

db: CNVD, id: CNVD-2025-17963
db: JVNDB, id: JVNDB-2024-020822
db: NVD, id: CVE-2024-31814

LAST UPDATE DATE

2025-08-10T23:26:13.408000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-17963, date: 2025-08-08T00:00:00
db: JVNDB, id: JVNDB-2024-020822, date: 2025-03-25T00:47:00
db: NVD, id: CVE-2024-31814, date: 2025-03-18T16:03:02.557

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-17963, date: 2025-08-08T00:00:00
db: JVNDB, id: JVNDB-2024-020822, date: 2025-03-25T00:00:00
db: NVD, id: CVE-2024-31814, date: 2024-04-08T13:15:08.887