CRITICAL🇵🇱 Wersja polska

CVE-2024-31807

CVSS 9.8v3.1pub. 2024-04-08upd. 2025-03-18

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.

🤖 AI Analysis
How it works

The vulnerability (CWE-94 — code injection) occurs in the NTPSyncWithHost function, which insecurely processes the value of the hostTime parameter. An attacker can provide a crafted value of this parameter, leading to code injection and execution of arbitrary code on the device. The attack does not require authentication or user interaction, and its complexity is low.

Impact

An attacker can remotely execute arbitrary code with system privileges on the device, resulting in complete loss of confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Due to the lack of required authentication, until the system is updated, it is recommended to isolate the device from untrusted networks and restrict access to the management interface only to trusted hosts.

Who is affected

TOTOLINK EX200 with firmware version V4.0.3c.7646_B20201211

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink Ex200

    HW
    Totolink
    wszystkie wersje
  • Totolink Ex200 Firmware

    OS
    Totolink
    4.0.3c.7646_b20201211
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-31810CRITICAL9.8PL ✓ten sam produkt

TOTOLINK EX200: zakodowane na stałe hasło roota w firmware

CVE-2024-31815CRITICAL9.1PL ✓ten sam produkt

TOTOLINK EX200 – nieautoryzowany dostęp do pliku konfiguracyjnego

CVE-2021-43711CRITICAL9.8ten sam produkt

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerabili...

CVE-2024-7335HIGH8.7ten sam produkt

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the...

CVE-2024-7336HIGH8.7ten sam produkt

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vul...