Details of VAR-202407-2450

ID

VAR-202407-2450

CVE

CVE-2024-7182

TITLE

TOTOLINK of a3600r Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-006410

DESCRIPTION

A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3600r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary code execution, device control, and even device crash or malfunction

Trust: 2.16

sources: NVD: CVE-2024-7182 // JVNDB: JVNDB-2024-006410 // CNVD: CNVD-2025-14783

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-14783

AFFECTED PRODUCTS

vendor:	totolink	model:	a3600r	scope:	eq	version:	4.1.2cu.5182_b20201102	Trust: 1.0
vendor:	totolink	model:	a3600r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a3600r	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3600r	scope:	eq	version:	a3600r firmware 4.1.2cu.5182 b20201102	Trust: 0.8
vendor:	totolink	model:	a3600r 4.1.2cu.5182 b20201102	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-14783 // JVNDB: JVNDB-2024-006410 // NVD: CVE-2024-7182

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-7182
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-7182
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-006410
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-14783
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-7182
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-006410
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-14783
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-7182
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	JVNDB-2024-006410
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-14783 // JVNDB: JVNDB-2024-006410 // NVD: CVE-2024-7182 // NVD: CVE-2024-7182

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-006410 // NVD: CVE-2024-7182

EXTERNAL IDS

db:	NVD	id:	CVE-2024-7182	Trust: 3.2
db:	VULDB	id:	272603	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-006410	Trust: 0.8
db:	CNVD	id:	CNVD-2025-14783	Trust: 0.6

sources: CNVD: CNVD-2025-14783 // JVNDB: JVNDB-2024-006410 // NVD: CVE-2024-7182

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/a3600r/setupgradefw.md	Trust: 2.4
url:	https://vuldb.com/?submit.378051	Trust: 2.4
url:	https://vuldb.com/?ctiid.272603	Trust: 2.4
url:	https://vuldb.com/?id.272603	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-7182	Trust: 0.8

sources: CNVD: CNVD-2025-14783 // JVNDB: JVNDB-2024-006410 // NVD: CVE-2024-7182

SOURCES

db:	CNVD	id:	CNVD-2025-14783
db:	JVNDB	id:	JVNDB-2024-006410
db:	NVD	id:	CVE-2024-7182

LAST UPDATE DATE

2025-07-04T23:44:26.128000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-14783	date:	2025-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2024-006410	date:	2024-08-26T01:20:00
db:	NVD	id:	CVE-2024-7182	date:	2024-08-23T14:29:14.270

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-14783	date:	2025-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2024-006410	date:	2024-08-26T00:00:00
db:	NVD	id:	CVE-2024-7182	date:	2024-07-29T04:15:02.473