ID

VAR-202405-3465


CVE

CVE-2024-35403


TITLE

Stack-based buffer overflow vulnerability in TOTOLINK CP900L firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021609

DESCRIPTION

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules. A stack-based buffer overflow vulnerability exists in the TOTOLINK CP900L firmware, and it may result in a service operation interruption (DoS). TOTOLINK CP900L is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the setIpPortFilterRules function failing to correctly verify the length of the input data supplied in the desc parameter. Attackers can exploit this vulnerability to cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-35403 // JVNDB: JVNDB-2024-021609 // CNVD: CNVD-2025-06863

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-06863

AFFECTED PRODUCTS

vendor: totolink, model: cp900l, scope: eq, version: 4.1.5cu.798_b20221228

Trust: 1.0

vendor: totolink, model: cp900l, scope: -, version: -

Trust: 0.8

vendor: totolink, model: cp900l, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: cp900l, scope: eq, version: cp900l firmware 4.1.5cu.798 b20221228

Trust: 0.8

vendor: totolink, model: cp900l v4.1.5cu.798 b20221228, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-06863 // JVNDB: JVNDB-2024-021609 // NVD: CVE-2024-35403

CVSS

SEVERITY

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-35403
value: LOW

Trust: 1.0

OTHER: JVNDB-2024-021609
value: LOW

Trust: 0.8

CNVD: CNVD-2025-06863
value: LOW

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-06863
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-35403
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-021609
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-06863 // JVNDB: JVNDB-2024-021609 // NVD: CVE-2024-35403

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: Stack-based buffer overflow (CWE-121) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-021609 // NVD: CVE-2024-35403

EXTERNAL IDS

db: NVD, id: CVE-2024-35403

Trust: 3.2

db: JVNDB, id: JVNDB-2024-021609

Trust: 0.8

db: CNVD, id: CNVD-2025-06863

Trust: 0.6

sources: CNVD: CNVD-2025-06863 // JVNDB: JVNDB-2024-021609 // NVD: CVE-2024-35403

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2024-35403

Trust: 1.4

url: https://github.com/s4ndw1ch136/iot-vuln-reports/blob/main/totolink%20cp900l/setipportfilterrules/readme.md

Trust: 1.0

sources: CNVD: CNVD-2025-06863 // JVNDB: JVNDB-2024-021609 // NVD: CVE-2024-35403

SOURCES

db: CNVD, id: CNVD-2025-06863
db: JVNDB, id: JVNDB-2024-021609
db: NVD, id: CVE-2024-35403

LAST UPDATE DATE

2025-04-11T23:16:22.109000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-06863, date: 2025-04-09T00:00:00
db: JVNDB, id: JVNDB-2024-021609, date: 2025-04-08T08:05:00
db: NVD, id: CVE-2024-35403, date: 2025-04-03T00:01:30.570

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-06863, date: 2025-04-10T00:00:00
db: JVNDB, id: JVNDB-2024-021609, date: 2025-04-08T00:00:00
db: NVD, id: CVE-2024-35403, date: 2024-05-28T17:15:11.060