Details of VAR-202408-0332

ID

VAR-202408-0332

CVE

CVE-2024-7336

TITLE

TOTOLINK of EX200 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-005342

DESCRIPTION

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of EX200 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX200 is a 2.4G wireless N range extender designed to expand the coverage of existing Wi-Fi networks. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2024-7336 // JVNDB: JVNDB-2024-005342 // CNVD: CNVD-2025-13899

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13899

AFFECTED PRODUCTS

vendor:	totolink	model:	ex200	scope:	eq	version:	4.0.3c.7646_b20201211	Trust: 1.0
vendor:	totolink	model:	ex200	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	ex200	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	ex200	scope:	eq	version:	ex200 firmware 4.0.3c.7646 b20201211	Trust: 0.8
vendor:	totolink	model:	ex200 v4.0.3c.7646 b20201211	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-13899 // JVNDB: JVNDB-2024-005342 // NVD: CVE-2024-7336

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-7336
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-7336
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-005342
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-13899
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-7336
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-005342
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-13899
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-7336
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	JVNDB-2024-005342
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-13899 // JVNDB: JVNDB-2024-005342 // NVD: CVE-2024-7336 // NVD: CVE-2024-7336

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-005342 // NVD: CVE-2024-7336

EXTERNAL IDS

db:	NVD	id:	CVE-2024-7336	Trust: 3.2
db:	VULDB	id:	273259	Trust: 1.0
db:	JVNDB	id:	JVNDB-2024-005342	Trust: 0.8
db:	CNVD	id:	CNVD-2025-13899	Trust: 0.6

sources: CNVD: CNVD-2025-13899 // JVNDB: JVNDB-2024-005342 // NVD: CVE-2024-7336

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/ex200/loginauth.md	Trust: 1.8
url:	https://vuldb.com/?submit.379314	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-7336	Trust: 1.4
url:	https://vuldb.com/?ctiid.273259	Trust: 1.0
url:	https://vuldb.com/?id.273259	Trust: 1.0

sources: CNVD: CNVD-2025-13899 // JVNDB: JVNDB-2024-005342 // NVD: CVE-2024-7336

SOURCES

db:	CNVD	id:	CNVD-2025-13899
db:	JVNDB	id:	JVNDB-2024-005342
db:	NVD	id:	CVE-2024-7336

LAST UPDATE DATE

2025-06-29T23:14:10.133000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-13899	date:	2025-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2024-005342	date:	2024-08-15T02:05:00
db:	NVD	id:	CVE-2024-7336	date:	2024-08-09T14:38:01.050

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-13899	date:	2025-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2024-005342	date:	2024-08-15T00:00:00
db:	NVD	id:	CVE-2024-7336	date:	2024-08-01T03:15:01.717