Login Sign Up

CVE-2024-31813

8.4 HIGH
Authentication Bypass

📋 TL;DR

The TOTOLINK EX200 V4.0.3c.7646_B20201211 wireless range extender lacks any authentication mechanism by default, allowing unauthenticated attackers to access its management interface. This affects all users who have not manually configured authentication on their devices. Attackers can potentially take full control of the device or use it as an entry point into the network.

💻 Affected Systems

Products:
  • TOTOLINK EX200
Versions: V4.0.3c.7646_B20201211
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default configuration are vulnerable. Only devices where users have manually configured authentication are protected.

📦 What is this software?

Ex200 Firmware by Totolink

View all CVEs affecting Ex200 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to network compromise, credential theft, malware deployment, or use as a pivot point for lateral movement.

🟠

Likely Case

Unauthorized configuration changes, network disruption, or device being used for malicious traffic routing.

🟢

If Mitigated

Limited impact if authentication is properly configured and network segmentation is in place.

🌐 Internet-Facing: HIGH - Directly accessible devices can be exploited remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised hosts could exploit this, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication and minimal technical skill. Public proof-of-concept exists in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Users must manually configure authentication in device settings.

🔧 Temporary Workarounds

Enable Authentication

all

Manually configure authentication in the device web interface

Access web interface at device IP > System > User Management > Set username and password

Network Isolation

all

Place device on isolated VLAN or network segment

🧯 If You Can't Patch

  • Disconnect device from network immediately
  • Replace with a different model that supports authentication

🔍 How to Verify

Check if Vulnerable:

Attempt to access device web interface without credentials. If access is granted, device is vulnerable.

Check Version:

Check firmware version in web interface: System > Device Information

Verify Fix Applied:

Verify authentication is required when accessing web interface. Test with incorrect credentials should be rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to device management interface
  • Configuration changes without authentication logs

Network Indicators:

  • Unusual traffic from device IP
  • Unauthorized configuration requests to device

SIEM Query:

source_ip="device_ip" AND (http_method="POST" OR http_method="GET") AND url_contains="/cgi-bin/" AND NOT auth_success="true"

📊 Metadata

CVE ID: CVE-2024-31813
CVSS v3 Score: 8.4 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-862
Published: April 8, 2024
Last Updated: March 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-31813, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)