ID

VAR-202405-4052


CVE

CVE-2024-34203


TITLE

TOTOLINK CP450 firmware stack-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-021613

DESCRIPTION

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. TOTOLINK CP450 is an outdoor wireless client terminal device produced by China Jiweng Electronics Co., Ltd., mainly used for wireless broadband access services in rural and remote areas. The vulnerability is caused by the setLanguageCfg method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-34203 // JVNDB: JVNDB-2024-021613 // CNVD: CNVD-2025-15733

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15733

AFFECTED PRODUCTS

vendor: totolink, model: cp450, scope: eq, version: 4.1.0cu.747_b20191224

Trust: 1.0

vendor: totolink, model: cp450, scope: eq, version: cp450 firmware 4.1.0cu.747 b20191224

Trust: 0.8

vendor: totolink, model: cp450, scope: -, version: -

Trust: 0.8

vendor: totolink, model: cp450, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: cp450 4.1.0cu.747 b20191224, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15733 // JVNDB: JVNDB-2024-021613 // NVD: CVE-2024-34203

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34203
value: LOW

Trust: 1.0

OTHER: JVNDB-2024-021613
value: LOW

Trust: 0.8

CNVD: CNVD-2025-15733
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-15733
severity: MEDIUM
baseScore: 4.7
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34203
baseSeverity: LOW
baseScore: 3.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 2.5
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-021613
baseSeverity: LOW
baseScore: 3.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15733 // JVNDB: JVNDB-2024-021613 // NVD: CVE-2024-34203

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-021613 // NVD: CVE-2024-34203

PATCH

title: Patch for TOTOLINK CP450 Stack Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/706256

Trust: 0.6

sources: CNVD: CNVD-2025-15733

EXTERNAL IDS

db: NVD, id: CVE-2024-34203

Trust: 3.2

db: JVNDB, id: JVNDB-2024-021613

Trust: 0.8

db: CNVD, id: CNVD-2025-15733

Trust: 0.6

sources: CNVD: CNVD-2025-15733 // JVNDB: JVNDB-2024-021613 // NVD: CVE-2024-34203

REFERENCES

url:https://github.com/n0wstr/iotvuln/tree/main/cp450/setlanguagecfg

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-34203

Trust: 0.8

sources: CNVD: CNVD-2025-15733 // JVNDB: JVNDB-2024-021613 // NVD: CVE-2024-34203

SOURCES

db: CNVD, id: CNVD-2025-15733
db: JVNDB, id: JVNDB-2024-021613
db: NVD, id: CVE-2024-34203

LAST UPDATE DATE

2025-07-17T23:20:51.949000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-15733, date: 2025-07-15T00:00:00
db: JVNDB, id: JVNDB-2024-021613, date: 2025-04-08T08:05:00
db: NVD, id: CVE-2024-34203, date: 2025-04-03T16:39:16.610

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-15733, date: 2025-07-08T00:00:00
db: JVNDB, id: JVNDB-2024-021613, date: 2025-04-08T00:00:00
db: NVD, id: CVE-2024-34203, date: 2024-05-14T15:38:33.450