ID

VAR-202408-0337


CVE

CVE-2024-7462


TITLE

Classic buffer overflow vulnerability in TOTOLINK N350RT firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-005613

DESCRIPTION

A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK N350RT firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N350RT is a small home router produced by China's TOTOLINK Electronics Company. No detailed vulnerability details are currently available.

Trust: 2.16

sources: NVD: CVE-2024-7462 // JVNDB: JVNDB-2024-005613 // CNVD: CNVD-2025-13895

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13895

AFFECTED PRODUCTS

vendor: totolink, model: n350rt, scope: eq, version: 9.3.5u.6139_b20201216

Trust: 1.0

vendor: totolink, model: n350rt, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: n350rt, scope: eq, version: n350rt firmware 9.3.5u.6139 b20201216

Trust: 0.8

vendor: totolink, model: n350rt, scope: -, version: -

Trust: 0.8

vendor: totolink, model: n350rt 9.3.5u.6139 b20201216, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-13895 // JVNDB: JVNDB-2024-005613 // NVD: CVE-2024-7462

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-7462
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-7462
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-005613
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-13895
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2024-7462
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-005613
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-13895
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-7462
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-7462
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-005613
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-13895 // JVNDB: JVNDB-2024-005613 // NVD: CVE-2024-7462 // NVD: CVE-2024-7462

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005613 // NVD: CVE-2024-7462

EXTERNAL IDS

db: NVD, id: CVE-2024-7462

Trust: 3.2

db: VULDB, id: 273555

Trust: 1.0

db: JVNDB, id: JVNDB-2024-005613

Trust: 0.8

db: CNVD, id: CNVD-2025-13895

Trust: 0.6

sources: CNVD: CNVD-2025-13895 // JVNDB: JVNDB-2024-005613 // NVD: CVE-2024-7462

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/n350r/setwizardcfg.md

Trust: 1.8

url:https://vuldb.com/?submit.381325

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-7462

Trust: 1.4

url:https://vuldb.com/?ctiid.273555

Trust: 1.0

url:https://vuldb.com/?id.273555

Trust: 1.0

sources: CNVD: CNVD-2025-13895 // JVNDB: JVNDB-2024-005613 // NVD: CVE-2024-7462

SOURCES

db: CNVD, id: CNVD-2025-13895
db: JVNDB, id: JVNDB-2024-005613
db: NVD, id: CVE-2024-7462

LAST UPDATE DATE

2025-06-29T23:22:56.274000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-13895, date: 2025-06-27T00:00:00
db: JVNDB, id: JVNDB-2024-005613, date: 2024-08-19T02:01:00
db: NVD, id: CVE-2024-7462, date: 2024-08-15T13:16:26.113

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-13895, date: 2025-06-27T00:00:00
db: JVNDB, id: JVNDB-2024-005613, date: 2024-08-19T00:00:00
db: NVD, id: CVE-2024-7462, date: 2024-08-05T00:15:58.593