ID

VAR-202405-4039


CVE

CVE-2024-34202


TITLE

Stack-based buffer overflow vulnerability in TOTOLINK cp450 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021386

DESCRIPTION

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. TOTOLINK CP450 is an outdoor wireless client terminal device produced by China's TOTOLINK Electronics Co., Ltd. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the setMacFilterRules method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-34202 // JVNDB: JVNDB-2024-021386 // CNVD: CNVD-2025-15263

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15263

AFFECTED PRODUCTS

vendor: totolink, model: cp450, scope: eq, version: 4.1.0cu.747_b20191224

Trust: 1.0

vendor: totolink, model: cp450, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: cp450, scope: eq, version: cp450 firmware 4.1.0cu.747 b20191224

Trust: 0.8

vendor: totolink, model: cp450, scope: -, version: -

Trust: 0.8

vendor: totolink, model: cp450 4.1.0cu.747 b20191224, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15263 // JVNDB: JVNDB-2024-021386 // NVD: CVE-2024-34202

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34202
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-021386
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-15263
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15263
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34202
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-021386
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15263 // JVNDB: JVNDB-2024-021386 // NVD: CVE-2024-34202

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-021386 // NVD: CVE-2024-34202

PATCH

title: Patch for TOTOLINK CP450 setMacFilterRules method buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/705811

Trust: 0.6

sources: CNVD: CNVD-2025-15263

EXTERNAL IDS

db: NVD, id: CVE-2024-34202

Trust: 3.2

db: JVNDB, id: JVNDB-2024-021386

Trust: 0.8

db: CNVD, id: CNVD-2025-15263

Trust: 0.6

sources: CNVD: CNVD-2025-15263 // JVNDB: JVNDB-2024-021386 // NVD: CVE-2024-34202

REFERENCES

url: https://github.com/n0wstr/iotvuln/tree/main/cp450/setmacfilterrules

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2024-34202

Trust: 0.8

sources: CNVD: CNVD-2025-15263 // JVNDB: JVNDB-2024-021386 // NVD: CVE-2024-34202

SOURCES

db: CNVD, id: CNVD-2025-15263
db: JVNDB, id: JVNDB-2024-021386
db: NVD, id: CVE-2024-34202

LAST UPDATE DATE

2025-07-09T22:54:04.030000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-15263, date: 2025-07-08T00:00:00
db: JVNDB, id: JVNDB-2024-021386, date: 2025-04-04T02:59:00
db: NVD, id: CVE-2024-34202, date: 2025-04-03T16:39:21.730

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-15263, date: 2025-07-08T00:00:00
db: JVNDB, id: JVNDB-2024-021386, date: 2025-04-04T00:00:00
db: NVD, id: CVE-2024-34202, date: 2024-05-14T15:38:33.323