ID

VAR-202405-2515


CVE

CVE-2024-35400


TITLE

Classic buffer overflow vulnerability in TOTOLINK CP900L firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021467

DESCRIPTION

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules. TOTOLINK CP900L firmware has a classic buffer overflow vulnerability. This may result in a service operation interruption (DoS). TOTOLINK CP900L is a wireless router from China's TOTOLINK Electronics. TOTOLINK CP900L has a stack buffer overflow vulnerability. The vulnerability is caused by the SetPortForwardRules function failing to correctly verify the length of the input data supplied in the desc parameter. Attackers can exploit this vulnerability to cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-35400 // JVNDB: JVNDB-2024-021467 // CNVD: CNVD-2025-15053

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15053

AFFECTED PRODUCTS

vendor: totolink, model: cp900l, scope: eq, version: 4.1.5cu.798_b20221228

Trust: 1.0

vendor: totolink, model: cp900l, scope: eq, version: cp900l firmware 4.1.5cu.798 b20221228

Trust: 0.8

vendor: totolink, model: cp900l, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: cp900l, scope: -, version: -

Trust: 0.8

vendor: totolink, model: cp900l v4.1.5cu.798 b20221228, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15053 // JVNDB: JVNDB-2024-021467 // NVD: CVE-2024-35400

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-35400
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-021467
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-15053
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-15053
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-35400
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-021467
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15053 // JVNDB: JVNDB-2024-021467 // NVD: CVE-2024-35400

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-021467 // NVD: CVE-2024-35400

EXTERNAL IDS

db: NVD, id: CVE-2024-35400

Trust: 3.2

db: JVNDB, id: JVNDB-2024-021467

Trust: 0.8

db: CNVD, id: CNVD-2025-15053

Trust: 0.6

sources: CNVD: CNVD-2025-15053 // JVNDB: JVNDB-2024-021467 // NVD: CVE-2024-35400

REFERENCES

url:http://totolink.com

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-35400

Trust: 1.4

url:https://github.com/s4ndw1ch136/iot-vuln-reports/blob/main/totolink%20cp900l/setportforwardrules/readme.md

Trust: 1.0

sources: CNVD: CNVD-2025-15053 // JVNDB: JVNDB-2024-021467 // NVD: CVE-2024-35400

SOURCES

db: CNVD, id: CNVD-2025-15053
db: JVNDB, id: JVNDB-2024-021467
db: NVD, id: CVE-2024-35400

LAST UPDATE DATE

2025-07-05T23:22:02.562000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-15053, date: 2025-07-04T00:00:00
db: JVNDB, id: JVNDB-2024-021467, date: 2025-04-04T07:01:00
db: NVD, id: CVE-2024-35400, date: 2025-04-03T15:45:14.910

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-15053, date: 2025-07-03T00:00:00
db: JVNDB, id: JVNDB-2024-021467, date: 2025-04-04T00:00:00
db: NVD, id: CVE-2024-35400, date: 2024-05-28T15:15:09.630