ID

VAR-202401-1161


CVE

CVE-2024-0943


TITLE

TOTOLINK n350rt Firmware Session Expiration Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-001935

DESCRIPTION

A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK N350RT is a small home router from China's Zeon Electronics (TOTOLINK) company. An attacker could exploit this vulnerability to gain access to other users' sessions.

Trust: 2.16

sources: NVD: CVE-2024-0943 // JVNDB: JVNDB-2024-001935 // CNVD: CNVD-2024-07859

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-07859

AFFECTED PRODUCTS

vendor: totolink, model: n350rt, scope: eq, version: 9.3.5u.6255

Trust: 1.0

vendor: totolink, model: n350rt, scope: eq, version: n350rt firmware 9.3.5u.6255

Trust: 0.8

vendor: totolink, model: n350rt, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: n350rt, scope: -, version: -

Trust: 0.8

vendor: totolink, model: n350rt 9.3.5u.6255, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-07859 // JVNDB: JVNDB-2024-001935 // NVD: CVE-2024-0943

CVSS

SEVERITY

cna@vuldb.com: CVE-2024-0943
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2024-0943
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-001935
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-07859
value: MEDIUM

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2024-0943
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-001935
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2024-07859
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2024-0943
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-0943
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-001935
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-07859 // JVNDB: JVNDB-2024-001935 // NVD: CVE-2024-0943 // NVD: CVE-2024-0943

PROBLEMTYPE DATA

problemtype: CWE-613

Trust: 1.0

problemtype: Insufficient Session Expiration (CWE-613) [Other]

Trust: 0.8

sources: JVNDB: JVNDB-2024-001935 // NVD: CVE-2024-0943

EXTERNAL IDS

db: NVD, id: CVE-2024-0943

Trust: 3.2

db: VULDB, id: 252187

Trust: 1.8

db: JVNDB, id: JVNDB-2024-001935

Trust: 0.8

db: CNVD, id: CNVD-2024-07859

Trust: 0.6

sources: CNVD: CNVD-2024-07859 // JVNDB: JVNDB-2024-001935 // NVD: CVE-2024-0943

REFERENCES

url:https://drive.google.com/file/d/1obs4kc1kvbqrmhqhs54wtwxxxiboi0hl/view?usp=sharing

Trust: 1.8

url:https://vuldb.com/?id.252187

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-0943

Trust: 1.4

url:https://vuldb.com/?ctiid.252187

Trust: 1.0

url:https://vuldb.com/?submit.269680

Trust: 1.0

sources: CNVD: CNVD-2024-07859 // JVNDB: JVNDB-2024-001935 // NVD: CVE-2024-0943

SOURCES

db: CNVD, id: CNVD-2024-07859
db: JVNDB, id: JVNDB-2024-001935
db: NVD, id: CVE-2024-0943

LAST UPDATE DATE

2024-08-14T14:59:53.620000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-07859, date: 2024-02-05T00:00:00
db: JVNDB, id: JVNDB-2024-001935, date: 2024-03-05T02:45:00
db: NVD, id: CVE-2024-0943, date: 2024-05-17T02:35:05.453

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-07859, date: 2024-02-06T00:00:00
db: JVNDB, id: JVNDB-2024-001935, date: 2024-02-07T00:00:00
db: NVD, id: CVE-2024-0943, date: 2024-01-26T20:15:54.640