ID

VAR-202405-4002


CVE

CVE-2024-34209


TITLE

Stack-based buffer overflow vulnerability in TOTOLINK CP450 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021923

DESCRIPTION

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. The device may be put into a denial-of-service (DoS) state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the setIpPortFilterRules method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-34209 // JVNDB: JVNDB-2024-021923 // CNVD: CNVD-2025-12184

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12184

AFFECTED PRODUCTS

vendor: totolink, model: cp450, scope: eq, version: 4.1.0cu.747_b20191224

Trust: 1.0

vendor: totolink, model: cp450, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: cp450, scope: eq, version: cp450 firmware 4.1.0cu.747 b20191224

Trust: 0.8

vendor: totolink, model: cp450, scope: -, version: -

Trust: 0.8

vendor: totolink, model: cp450 4.1.0cu.747 b20191224, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12184 // JVNDB: JVNDB-2024-021923 // NVD: CVE-2024-34209

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34209
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-021923
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-12184
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-12184
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34209
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-021923
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12184 // JVNDB: JVNDB-2024-021923 // NVD: CVE-2024-34209

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-021923 // NVD: CVE-2024-34209

PATCH

title: Patch for TOTOLINK CP450 setIpPortFilterRules method buffer overflow vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/695916

Trust: 0.6

sources: CNVD: CNVD-2025-12184

EXTERNAL IDS

db: NVD, id: CVE-2024-34209

Trust: 3.2

db: JVNDB, id: JVNDB-2024-021923

Trust: 0.8

db: CNVD, id: CNVD-2025-12184

Trust: 0.6

sources: CNVD: CNVD-2025-12184 // JVNDB: JVNDB-2024-021923 // NVD: CVE-2024-34209

REFERENCES

url: https://github.com/n0wstr/iotvuln/tree/main/cp450/setipportfilterrules

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2024-34209

Trust: 0.8

sources: CNVD: CNVD-2025-12184 // JVNDB: JVNDB-2024-021923 // NVD: CVE-2024-34209

SOURCES

db: CNVD, id: CNVD-2025-12184
db: JVNDB, id: JVNDB-2024-021923
db: NVD, id: CVE-2024-34209

LAST UPDATE DATE

2025-06-15T23:16:48.806000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-12184, date: 2025-06-12T00:00:00
db: JVNDB, id: JVNDB-2024-021923, date: 2025-04-11T08:51:00
db: NVD, id: CVE-2024-34209, date: 2025-04-09T14:15:47.630

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-12184, date: 2025-06-11T00:00:00
db: JVNDB, id: JVNDB-2024-021923, date: 2025-04-11T00:00:00
db: NVD, id: CVE-2024-34209, date: 2024-05-14T15:38:34.560