ID

VAR-202405-4016


CVE

CVE-2024-34210


TITLE

OS command injection vulnerability in TOTOLINK cp450 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021764

DESCRIPTION

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. The TOTOLINK cp450 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK CPE CP450 is an outdoor wireless client terminal device from China's Jiweng Electronics (TOTOLINK). It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2024-34210 // JVNDB: JVNDB-2024-021764 // CNVD: CNVD-2025-12180

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12180

AFFECTED PRODUCTS

vendor: totolink, model: cp450, scope: eq, version: 4.1.0cu.747_b20191224

Trust: 1.0

vendor: totolink, model: cp450, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: cp450, scope: eq, version: cp450 firmware 4.1.0cu.747 b20191224

Trust: 0.8

vendor: totolink, model: cp450, scope: -, version: -

Trust: 0.8

vendor: totolink, model: cpe cp450 v4.1.0cu.747 b20191224, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12180 // JVNDB: JVNDB-2024-021764 // NVD: CVE-2024-34210

CVSS

SEVERITY

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34210
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-021764
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-12180
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-12180
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34210
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-021764
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12180 // JVNDB: JVNDB-2024-021764 // NVD: CVE-2024-34210

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS Command injection (CWE-78) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-021764 // NVD: CVE-2024-34210

PATCH

title: Patch for TOTOLINK CPE CP450 CloudACMunualUpdate method command injection vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/695886

Trust: 0.6

sources: CNVD: CNVD-2025-12180

EXTERNAL IDS

db: NVD, id: CVE-2024-34210

Trust: 3.2

db: JVNDB, id: JVNDB-2024-021764

Trust: 0.8

db: CNVD, id: CNVD-2025-12180

Trust: 0.6

sources: CNVD: CNVD-2025-12180 // JVNDB: JVNDB-2024-021764 // NVD: CVE-2024-34210

REFERENCES

url: https://github.com/n0wstr/iotvuln/tree/main/cp450/cloudacmunualupdate_injection

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2024-34210

Trust: 0.8

sources: CNVD: CNVD-2025-12180 // JVNDB: JVNDB-2024-021764 // NVD: CVE-2024-34210

SOURCES

db: CNVD, id: CNVD-2025-12180
db: JVNDB, id: JVNDB-2024-021764
db: NVD, id: CVE-2024-34210

LAST UPDATE DATE

2025-06-15T23:40:54.261000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-12180, date: 2025-06-12T00:00:00
db: JVNDB, id: JVNDB-2024-021764, date: 2025-04-10T02:22:00
db: NVD, id: CVE-2024-34210, date: 2025-04-09T14:15:42.557

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-12180, date: 2025-06-11T00:00:00
db: JVNDB, id: JVNDB-2024-021764, date: 2025-04-10T00:00:00
db: NVD, id: CVE-2024-34210, date: 2024-05-14T15:38:34.720