ID

VAR-202405-4040


CVE

CVE-2024-34200


TITLE

Out-of-bounds read vulnerability in TOTOLINK cp450 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021614

DESCRIPTION

TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. An out-of-bounds read vulnerability exists in TOTOLINK cp450 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China's TOTOLINK Electronics Co., Ltd., mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the setIpQosRules method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-34200 // JVNDB: JVNDB-2024-021614 // CNVD: CNVD-2025-15262

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15262

AFFECTED PRODUCTS

vendor: totolink, model: cp450, scope: eq, version: 4.1.0cu.747_b20191224

Trust: 1.0

vendor: totolink, model: cp450, scope: eq, version: cp450 firmware 4.1.0cu.747 b20191224

Trust: 0.8

vendor: totolink, model: cp450, scope: -, version: -

Trust: 0.8

vendor: totolink, model: cp450, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: cpe cp450 v4.1.0cu.747 b20191224, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15262 // JVNDB: JVNDB-2024-021614 // NVD: CVE-2024-34200

CVSS

SEVERITY

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34200
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-021614
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-15262
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-15262
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34200
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-021614
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15262 // JVNDB: JVNDB-2024-021614 // NVD: CVE-2024-34200

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.0

problemtype: Out-of-bounds read (CWE-125) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-021614 // NVD: CVE-2024-34200

PATCH

title: Patch for TOTOLINK CPE CP450 setIpQosRules method buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/705806

Trust: 0.6

sources: CNVD: CNVD-2025-15262

EXTERNAL IDS

db: NVD, id: CVE-2024-34200

Trust: 3.2

db: JVNDB, id: JVNDB-2024-021614

Trust: 0.8

db: CNVD, id: CNVD-2025-15262

Trust: 0.6

sources: CNVD: CNVD-2025-15262 // JVNDB: JVNDB-2024-021614 // NVD: CVE-2024-34200

REFERENCES

url: https://github.com/n0wstr/iotvuln/tree/main/cp450/setipqosrules

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2024-34200

Trust: 0.8

sources: CNVD: CNVD-2025-15262 // JVNDB: JVNDB-2024-021614 // NVD: CVE-2024-34200

SOURCES

db: CNVD, id: CNVD-2025-15262
db: JVNDB, id: JVNDB-2024-021614
db: NVD, id: CVE-2024-34200

LAST UPDATE DATE

2025-07-09T23:13:42.076000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-15262, date: 2025-07-08T00:00:00
db: JVNDB, id: JVNDB-2024-021614, date: 2025-04-08T08:05:00
db: NVD, id: CVE-2024-34200, date: 2025-04-03T16:39:33.180

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-15262, date: 2025-07-08T00:00:00
db: JVNDB, id: JVNDB-2024-021614, date: 2025-04-08T00:00:00
db: NVD, id: CVE-2024-34200, date: 2024-05-14T15:38:33.103