ID

VAR-202407-2402


CVE

CVE-2024-7157


TITLE

Classic buffer overflow vulnerability in TOTOLINK A3100R firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-005109

DESCRIPTION

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK A3100R firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A3100R is a series of wireless routers from China's TOTOLINK Electronics. The vulnerability is caused by the getSaveConfig function of /cgi-bin/cstecgi.cgi?action=save&setting failing to correctly verify the length of the http_host input. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-7157 // JVNDB: JVNDB-2024-005109 // CNVD: CNVD-2025-07820

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-07820

AFFECTED PRODUCTS

vendor: totolink, model: a3100r, scope: eq, version: 4.1.2cu.5050_b20200504

Trust: 1.0

vendor: totolink, model: a3100r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3100r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a3100r, scope: eq, version: a3100r firmware 4.1.2cu.5050 b20200504

Trust: 0.8

vendor: totolink, model: a3100r 4.1.2cu.5050 b20200504, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-07820 // JVNDB: JVNDB-2024-005109 // NVD: CVE-2024-7157

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-7157
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-7157
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-005109
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-07820
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2024-7157
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-005109
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-07820
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-7157
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2024-005109
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-07820 // JVNDB: JVNDB-2024-005109 // NVD: CVE-2024-7157 // NVD: CVE-2024-7157

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005109 // NVD: CVE-2024-7157

PATCH

title: Patch for TOTOLINK A3100R Buffer Overflow Vulnerability (CNVD-2025-07820)
url: https://www.cnvd.org.cn/patchInfo/show/678471

Trust: 0.6

sources: CNVD: CNVD-2025-07820

EXTERNAL IDS

db: NVD, id: CVE-2024-7157

Trust: 3.2

db: VULDB, id: 272571

Trust: 2.4

db: JVNDB, id: JVNDB-2024-005109

Trust: 0.8

db: CNVD, id: CNVD-2025-07820

Trust: 0.6

sources: CNVD: CNVD-2025-07820 // JVNDB: JVNDB-2024-005109 // NVD: CVE-2024-7157

REFERENCES

url: https://vuldb.com/?id.272571

Trust: 2.4

url: https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/a3100r/getsaveconfig.md

Trust: 1.8

url: https://vuldb.com/?submit.377542

Trust: 1.8

url: https://vuldb.com/?ctiid.272571

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2024-7157

Trust: 0.8

sources: CNVD: CNVD-2025-07820 // JVNDB: JVNDB-2024-005109 // NVD: CVE-2024-7157

SOURCES

db: CNVD, id: CNVD-2025-07820
db: JVNDB, id: JVNDB-2024-005109
db: NVD, id: CVE-2024-7157

LAST UPDATE DATE

2025-04-22T23:28:21.426000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-07820, date: 2025-04-21T00:00:00
db: JVNDB, id: JVNDB-2024-005109, date: 2024-08-13T01:38:00
db: NVD, id: CVE-2024-7157, date: 2024-08-08T12:17:46.953

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-07820, date: 2025-04-10T00:00:00
db: JVNDB, id: JVNDB-2024-005109, date: 2024-08-13T00:00:00
db: NVD, id: CVE-2024-7157, date: 2024-07-28T11:15:12.107