Sign-up

ID

VAR-202406-1438


CVE

CVE-2024-37632


TITLE

TOTOLINK  of  a3700r  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-005097

DESCRIPTION

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth . TOTOLINK of a3700r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the password parameter in the loginAuth function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-37632 // JVNDB: JVNDB-2024-005097 // CNVD: CNVD-2025-14812

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14812

AFFECTED PRODUCTS

vendor:totolinkmodel:a3700rscope:eqversion:9.1.2u.6165_20211012

Trust: 1.0

vendor:totolinkmodel:a3700rscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:a3700rscope:eqversion:a3700r firmware 9.1.2u.6165 20211012

Trust: 0.8

vendor:totolinkmodel:a3700rscope: - version: -

Trust: 0.8

vendor:totolinkmodel:a3700r v9.1.2u.6165 20211012scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-14812 // JVNDB: JVNDB-2024-005097 // NVD: CVE-2024-37632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-37632
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-37632
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-37632
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-14812
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-14812
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-37632
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-37632
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-37632
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-14812 // JVNDB: JVNDB-2024-005097 // NVD: CVE-2024-37632 // NVD: CVE-2024-37632

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005097 // NVD: CVE-2024-37632

EXTERNAL IDS

db:NVDid:CVE-2024-37632

Trust: 3.2

db:JVNDBid:JVNDB-2024-005097

Trust: 0.8

db:CNVDid:CNVD-2025-14812

Trust: 0.6

sources: CNVD: CNVD-2025-14812 // JVNDB: JVNDB-2024-005097 // NVD: CVE-2024-37632

REFERENCES

url:https://github.com/s4ndw1ch136/iot-vuln-reports/blob/main/totolink/a3700r/loginauth/readme.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-37632

Trust: 0.8

sources: CNVD: CNVD-2025-14812 // JVNDB: JVNDB-2024-005097 // NVD: CVE-2024-37632

SOURCES

db:CNVDid:CNVD-2025-14812
db:JVNDBid:JVNDB-2024-005097
db:NVDid:CVE-2024-37632

LAST UPDATE DATE

2025-07-04T23:35:35.192000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-14812date:2025-07-02T00:00:00
db:JVNDBid:JVNDB-2024-005097date:2024-08-13T01:37:00
db:NVDid:CVE-2024-37632date:2025-03-13T18:15:41.463

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-14812date:2025-07-02T00:00:00
db:JVNDBid:JVNDB-2024-005097date:2024-08-13T00:00:00
db:NVDid:CVE-2024-37632date:2024-06-13T19:15:52.357