Details of VAR-202405-3990

ID

VAR-202405-3990

CVE

CVE-2024-34212

TITLE

TOTOLINK of cp450 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021777

DESCRIPTION

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the CloudACMunualUpdate method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-34212 // JVNDB: JVNDB-2024-021777 // CNVD: CNVD-2025-12179

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12179

AFFECTED PRODUCTS

vendor:	totolink	model:	cp450	scope:	eq	version:	4.1.0cu.747_b20191224	Trust: 1.0
vendor:	totolink	model:	cp450	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	cp450	scope:	eq	version:	cp450 firmware 4.1.0cu.747 b20191224	Trust: 0.8
vendor:	totolink	model:	cp450	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	cp450 4.1.0cu.747 b20191224	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-12179 // JVNDB: JVNDB-2024-021777 // NVD: CVE-2024-34212

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-34212
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-021777
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-12179
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-12179
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-34212
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-021777
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12179 // JVNDB: JVNDB-2024-021777 // NVD: CVE-2024-34212

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-021777 // NVD: CVE-2024-34212

PATCH

title:

Patch for TOTOLINK CP450 CloudACMunualUpdate method buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/695881

Trust: 0.6

sources: CNVD: CNVD-2025-12179

EXTERNAL IDS

db:	NVD	id:	CVE-2024-34212	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-021777	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12179	Trust: 0.6

sources: CNVD: CNVD-2025-12179 // JVNDB: JVNDB-2024-021777 // NVD: CVE-2024-34212

REFERENCES

url:	https://github.com/n0wstr/iotvuln/tree/main/cp450/cloudacmunualupdate_overflow	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2024-34212	Trust: 0.8

sources: CNVD: CNVD-2025-12179 // JVNDB: JVNDB-2024-021777 // NVD: CVE-2024-34212

SOURCES

db:	CNVD	id:	CNVD-2025-12179
db:	JVNDB	id:	JVNDB-2024-021777
db:	NVD	id:	CVE-2024-34212

LAST UPDATE DATE

2025-06-15T23:36:10.475000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12179	date:	2025-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-021777	date:	2025-04-10T02:36:00
db:	NVD	id:	CVE-2024-34212	date:	2025-04-09T14:15:33.230

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12179	date:	2025-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2024-021777	date:	2025-04-10T00:00:00
db:	NVD	id:	CVE-2024-34212	date:	2024-05-14T15:38:35