Sign-up

ID

VAR-202406-1807


CVE

CVE-2024-37635


TITLE

TOTOLINK  of  a3700r  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-005096

DESCRIPTION

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg. TOTOLINK of a3700r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the ssid in the setWiFiBasicCfg function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-37635 // JVNDB: JVNDB-2024-005096 // CNVD: CNVD-2025-14813

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14813

AFFECTED PRODUCTS

vendor:totolinkmodel:a3700rscope:eqversion:9.1.2u.6165_20211012

Trust: 1.0

vendor:totolinkmodel:a3700rscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:a3700rscope:eqversion:a3700r firmware 9.1.2u.6165 20211012

Trust: 0.8

vendor:totolinkmodel:a3700rscope: - version: -

Trust: 0.8

vendor:totolinkmodel:a3700r v9.1.2u.6165 20211012scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-14813 // JVNDB: JVNDB-2024-005096 // NVD: CVE-2024-37635

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-37635
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-37635
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-37635
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-14813
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-14813
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-37635
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-37635
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-14813 // JVNDB: JVNDB-2024-005096 // NVD: CVE-2024-37635 // NVD: CVE-2024-37635

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005096 // NVD: CVE-2024-37635

EXTERNAL IDS

db:NVDid:CVE-2024-37635

Trust: 3.2

db:JVNDBid:JVNDB-2024-005096

Trust: 0.8

db:CNVDid:CNVD-2025-14813

Trust: 0.6

sources: CNVD: CNVD-2025-14813 // JVNDB: JVNDB-2024-005096 // NVD: CVE-2024-37635

REFERENCES

url:https://github.com/s4ndw1ch136/iot-vuln-reports/blob/main/totolink/a3700r/setwifibasiccfg/readme.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-37635

Trust: 0.8

sources: CNVD: CNVD-2025-14813 // JVNDB: JVNDB-2024-005096 // NVD: CVE-2024-37635

SOURCES

db:CNVDid:CNVD-2025-14813
db:JVNDBid:JVNDB-2024-005096
db:NVDid:CVE-2024-37635

LAST UPDATE DATE

2025-07-04T23:44:26.991000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-14813date:2025-07-02T00:00:00
db:JVNDBid:JVNDB-2024-005096date:2024-08-13T01:36:00
db:NVDid:CVE-2024-37635date:2024-08-13T15:35:11.883

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-14813date:2025-07-02T00:00:00
db:JVNDBid:JVNDB-2024-005096date:2024-08-13T00:00:00
db:NVDid:CVE-2024-37635date:2024-06-13T19:15:52.630