Details of VAR-202407-2606

ID

VAR-202407-2606

CVE

CVE-2024-7183

TITLE

TOTOLINK of a3600r Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-006532

DESCRIPTION

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3600r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary code execution, device control, and even device crash or malfunction

Trust: 2.16

sources: NVD: CVE-2024-7183 // JVNDB: JVNDB-2024-006532 // CNVD: CNVD-2025-14785

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-14785

AFFECTED PRODUCTS

vendor:	totolink	model:	a3600r	scope:	eq	version:	4.1.2cu.5182_b20201102	Trust: 1.0
vendor:	totolink	model:	a3600r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a3600r	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3600r	scope:	eq	version:	a3600r firmware 4.1.2cu.5182 b20201102	Trust: 0.8
vendor:	totolink	model:	a3600r 4.1.2cu.5182 b20201102	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-14785 // JVNDB: JVNDB-2024-006532 // NVD: CVE-2024-7183

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-7183
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-7183
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-006532
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-14785
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-7183
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-006532
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-14785
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-7183
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	JVNDB-2024-006532
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-14785 // JVNDB: JVNDB-2024-006532 // NVD: CVE-2024-7183 // NVD: CVE-2024-7183

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-006532 // NVD: CVE-2024-7183

EXTERNAL IDS

db:	NVD	id:	CVE-2024-7183	Trust: 3.2
db:	VULDB	id:	272604	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-006532	Trust: 0.8
db:	CNVD	id:	CNVD-2025-14785	Trust: 0.6

sources: CNVD: CNVD-2025-14785 // JVNDB: JVNDB-2024-006532 // NVD: CVE-2024-7183

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/a3600r/setuploadsetting.md	Trust: 2.4
url:	https://vuldb.com/?submit.378052	Trust: 2.4
url:	https://vuldb.com/?ctiid.272604	Trust: 2.4
url:	https://vuldb.com/?id.272604	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-7183	Trust: 0.8

sources: CNVD: CNVD-2025-14785 // JVNDB: JVNDB-2024-006532 // NVD: CVE-2024-7183

SOURCES

db:	CNVD	id:	CNVD-2025-14785
db:	JVNDB	id:	JVNDB-2024-006532
db:	NVD	id:	CVE-2024-7183

LAST UPDATE DATE

2025-07-04T23:50:31.956000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-14785	date:	2025-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2024-006532	date:	2024-08-26T06:03:00
db:	NVD	id:	CVE-2024-7183	date:	2024-08-23T14:31:33.570

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-14785	date:	2025-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2024-006532	date:	2024-08-26T00:00:00
db:	NVD	id:	CVE-2024-7183	date:	2024-07-29T05:15:01.820