ID

VAR-202405-4059


CVE

CVE-2024-34217


TITLE

Stack-based buffer overflow vulnerability in TOTOLINK cp450 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021921

DESCRIPTION

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. A denial-of-service (DoS) condition may result. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the addWlProfileClientMode method failing to properly verify the length of the input data. No further vulnerability details are currently available.

Trust: 2.16

sources: NVD: CVE-2024-34217 // JVNDB: JVNDB-2024-021921 // CNVD: CNVD-2025-12178

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12178

AFFECTED PRODUCTS

vendor: totolink, model: cp450, scope: eq, version: 4.1.0cu.747_b20191224

Trust: 1.0

vendor: totolink, model: cp450, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: cp450, scope: eq, version: cp450 firmware 4.1.0cu.747 b20191224

Trust: 0.8

vendor: totolink, model: cp450, scope: -, version: -

Trust: 0.8

vendor: totolink, model: cp450 4.1.0cu.747 b20191224, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12178 // JVNDB: JVNDB-2024-021921 // NVD: CVE-2024-34217

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34217
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-021921
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-12178
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-12178
severity: HIGH
baseScore: 7.3
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34217
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 5.5
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-021921
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12178 // JVNDB: JVNDB-2024-021921 // NVD: CVE-2024-34217

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-021921 // NVD: CVE-2024-34217

PATCH

title: Patch for TOTOLINK CP450 addWlProfileClientMode method buffer overflow vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/695876

Trust: 0.6

sources: CNVD: CNVD-2025-12178

EXTERNAL IDS

db: NVD, id: CVE-2024-34217

Trust: 3.2

db: JVNDB, id: JVNDB-2024-021921

Trust: 0.8

db: CNVD, id: CNVD-2025-12178

Trust: 0.6

sources: CNVD: CNVD-2025-12178 // JVNDB: JVNDB-2024-021921 // NVD: CVE-2024-34217

REFERENCES

url:https://github.com/n0wstr/iotvuln/tree/main/cp450/addwlprofileclientmode

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-34217

Trust: 0.8

sources: CNVD: CNVD-2025-12178 // JVNDB: JVNDB-2024-021921 // NVD: CVE-2024-34217

SOURCES

db: CNVD, id: CNVD-2025-12178
db: JVNDB, id: JVNDB-2024-021921
db: NVD, id: CVE-2024-34217

LAST UPDATE DATE

2025-06-15T23:30:19.996000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-12178, date: 2025-06-12T00:00:00
db: JVNDB, id: JVNDB-2024-021921, date: 2025-04-11T08:51:00
db: NVD, id: CVE-2024-34217, date: 2025-04-09T14:15:10.640

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-12178, date: 2025-06-11T00:00:00
db: JVNDB, id: JVNDB-2024-021921, date: 2025-04-11T00:00:00
db: NVD, id: CVE-2024-34217, date: 2024-05-14T15:38:35.587