CVE-2024-34200

8.8 HIGH

📋 TL;DR

CVE-2024-34200 is a stack-based buffer overflow in the setIpQosRules function of the TOTOLINK CP450 CPE router's web management interface. An attacker who can reach that interface and submit an oversized value to the handler can crash the device or, with a crafted payload, execute arbitrary code at the privilege of the management process (on this class of device, typically root), which amounts to full control of the router. Every device running the affected firmware build is vulnerable.

💻 Affected Systems

Products:
  • TOTOLINK CPE CP450
Versions: v4.1.0cu.747_B20191224
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only this specific firmware build has been confirmed vulnerable. Other builds may also be affected but have not been tested; treat them as suspect until the vendor states otherwise.

📦 What is this software?

The TOTOLINK CP450 is a wireless CPE (customer premises equipment) router running embedded Linux. It is configured through a web management interface; setIpQosRules is the handler that receives IP QoS rule submissions from that interface, which is why the overflow is reachable over HTTP by anyone who can talk to the management port.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, persistence in the firmware, and lateral movement into the networks the router connects.

🟠 Likely Case

An unreliable exploit attempt crashes the management process or reboots the device (denial of service); a working one gives the attacker a shell on the router from which to enumerate and pivot into the LAN.

🟢 If Mitigated

If the management interface is reachable only from a segregated administrative network and access is restricted to known hosts, impact is limited to the device itself and to whoever already holds a foothold on that admin network.

🌐 Internet-Facing: HIGH - CPE routers sit at the network edge by design, and if WAN-side (remote) management is enabled the vulnerable interface is directly reachable by remote attackers.
🏢 Internal Only: MEDIUM - If the management interface is LAN-only, attackers first need a foothold on the internal network (or a browser on it they can drive).

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY (no confirmed in-the-wild use is cited on this page)
Unauthenticated Exploit: ⚠️ Listed as yes, but unconfirmed. An 8.8 CVSS v3 base score is not what a network-reachable, no-privilege, no-interaction overflow receives (that vector scores 9.8); the listed score implies that either low-privilege credentials for the web interface or some user interaction are required. Treat an exposed management interface as exploitable either way.
Complexity: LOW

Public proof-of-concept code exists in the referenced GitHub repository. Turning it into a working exploit requires only basic reverse engineering of the firmware to locate the overflowed buffer and a usable return address; no authentication bypass research is needed beyond whatever credentials the handler already demands.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown (no fixed build is listed on this page; treat the device as unpatched until the vendor publishes a CP450 build whose release notes reference this issue)

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check the TOTOLINK official website for a CP450 firmware update.
2. Download the latest firmware for this exact model.
3. Log in to the router admin interface from the LAN side.
4. Navigate to the firmware upgrade section.
5. Upload and apply the new firmware.
6. Reboot the device and confirm that the reported firmware version has changed.

🔧 Temporary Workarounds

Disable remote management (applies to: all affected versions)
  Prevent WAN-side access to the vulnerable web interface so the setIpQosRules handler is reachable only from the LAN.

Network segmentation (applies to: all affected versions)
  Isolate the router's management interface from critical internal networks; permit it only from a dedicated admin host or VLAN.

🧯 If You Can't Patch

  • Replace the device with a supported model from a different vendor
  • Implement strict firewall rules that drop all inbound traffic to the router management interface (HTTP/HTTPS), on both the WAN and LAN side, except from a dedicated administrative host or subnet

🔍 How to Verify

Check if Vulnerable:

Read the firmware version from the router's web interface (system status or firmware upgrade page). If it reports v4.1.0cu.747_B20191224, the device is vulnerable. Note that cat /proc/version on the device prints the Linux kernel build string, not the TOTOLINK firmware version, so it cannot answer this question on its own.

Check Version:

The web interface is the authoritative source for the firmware version. If the firmware gives you a shell (SSH or telnet, whichever it enables), cat /proc/version and uname -a only confirm the kernel build; the firmware version is what the web UI reports, and it should match the name of the vendor firmware file last flashed.

Verify Fix Applied:

No fixed version is listed on this page, so a version string newer than v4.1.0cu.747_B20191224 is not by itself proof of a fix. Confirm that the vendor's release notes for the new build reference CVE-2024-34200 or the setIpQosRules overflow, then re-check the reported version after the post-upgrade reboot. Do not "verify" by sending oversized input to the handler on a production device: the stack overflow crashes the management process before it produces anything observable, so the test itself is a denial of service.
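Added example, not from this page or from TOTOLINK: a fleet-triage helper that parses version strings in the layout of the affected build and classifies each device. The only version known from the advisory is v4.1.0cu.747_B20191224; the assumption that other builds follow the pattern v<major>.<minor>.<patch>cu.<build>_B<YYYYMMDD>, the hostnames and the other version strings in the sample inventory are constructed for illustration. The point it encodes is the caveat above: a "newer" build is reported as unverified, not as fixed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Affected build named in the advisory for the TOTOLINK CP450.
AFFECTED_VERSION = "v4.1.0cu.747_B20191224"


class FirmwareVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int
    date: int   # YYYYMMDD taken from the _B suffix


# Assumed layout of the version string: v<major>.<minor>.<patch>cu.<build>_B<YYYYMMDD>.
# Only the affected build is known from the advisory; other builds are assumed
# to follow the same pattern, and strings that do not are reported as unparsed.
_VERSION_RE = re.compile(r"^v(\d+)\.(\d+)\.(\d+)cu\.(\d+)_B(\d{8})$")


def parse_version(text: str) -> Optional[FirmwareVersion]:
    """Parse a TOTOLINK-style version string, or return None if it does not match."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        return None
    return FirmwareVersion(*(int(g) for g in m.groups()))


def classify(version: str) -> str:
    """Classify one device's firmware against the affected build.

    'affected'         exact match with the build in the advisory
    'older-untested'   an earlier build; not tested per the advisory, treat as suspect
    'newer-unverified' a later build; only a fix if the vendor's notes say so
    'unparsed'         not in the expected layout; check the web UI manually
    """
    v = parse_version(version)
    if v is None:
        return "unparsed"
    affected = parse_version(AFFECTED_VERSION)
    if v == affected:
        return "affected"
    return "older-untested" if v < affected else "newer-unverified"


def triage_inventory(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Map (hostname, version string) pairs to (hostname, status)."""
    return [(host, classify(ver)) for host, ver in inventory]


# Constructed sample inventory: hostnames and the non-affected versions are made up.
SAMPLE_INVENTORY = [
    ("cpe-site-a", "v4.1.0cu.747_B20191224"),
    ("cpe-site-b", "v4.1.0cu.746_B20190801"),
    ("cpe-site-c", "v4.1.0cu.750_B20200301"),
    ("cpe-site-d", "4.1.0"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Feed it the (hostname, version) pairs exported from your asset inventory; anything classified as affected or older-untested goes on the patch list, anything newer-unverified gets checked against the vendor's release notes before being closed out.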

📡 Detection & Monitoring

Log Indicators:

  • Requests to the router management interface from hosts outside the administrative network
  • Requests to the setIpQosRules handler carrying parameter values far longer than any legitimate QoS rule field (a stack overflow needs oversized input; legitimate values are IP addresses, bandwidth figures and short labels)
  • Management process crashes or unexplained reboots shortly after such requests

Network Indicators:

  • HTTP POST requests to the setIpQosRules endpoint from unexpected sources, especially arriving on the WAN interface
  • Typical overflow payloads: long runs of a repeated byte, or non-printable binary data, in a field that should hold an IP address or a number

SIEM Query:

dest_ip="router_ip" AND http_method="POST" AND http_uri="*setIpQosRules*" AND NOT src_ip IN (admin_subnet)

The router is the destination of an exploit attempt, so key the query on dest_ip, not source_ip. User-agent matches (curl, python, nmap) are trivially spoofed and noisy on an admin network; use them as enrichment on a hit, not as the alert condition.
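Added example, not from this page or from TOTOLINK: the two detection conditions above (oversized parameter to setIpQosRules, and management traffic from outside the admin network) run over constructed HTTP log records. The JSON-lines field names (ts, src, dst, method, uri, body), the /setIpQosRules request path, the 10.0.0.0/24 admin subnet and the 128-byte threshold are all assumptions; the advisory gives neither the real request format nor the size of the overflowed buffer, so tune the threshold against a capture of legitimate rule submissions from your own devices.

```python
import ipaddress
import json
from typing import Dict, Iterable, List, Optional, Tuple
from urllib.parse import parse_qsl

# Alert when a parameter sent to the setIpQosRules handler is longer than a
# legitimate QoS rule field (an IP address, a bandwidth figure, a short label)
# could plausibly be. The threshold is an assumption; the advisory does not
# give the size of the overflowed buffer.
MAX_PARAM_LEN = 128

# Assumed administrative subnet from which management traffic is expected.
ADMIN_NET = ipaddress.ip_network("10.0.0.0/24")


def longest_value(body: str) -> Tuple[str, int]:
    """Return (name, length) of the longest parameter in a JSON or form-encoded body."""
    try:
        obj = json.loads(body)
        items = list(obj.items()) if isinstance(obj, dict) else []
    except ValueError:            # not JSON: treat it as application/x-www-form-urlencoded
        items = parse_qsl(body, keep_blank_values=True)
    name, longest = "", 0
    for key, value in items:
        size = len(value) if isinstance(value, str) else len(json.dumps(value))
        if size > longest:
            name, longest = key, size
    return name, longest


def analyze(record: Dict[str, str]) -> Optional[dict]:
    """Evaluate one HTTP log record; return an alert dict or None."""
    uri, body = record.get("uri", ""), record.get("body", "")
    if "setIpQosRules" not in uri and "setIpQosRules" not in body:
        return None
    reasons = []
    name, size = longest_value(body)
    if size > MAX_PARAM_LEN:
        reasons.append(f"oversized parameter {name!r} ({size} bytes)")
    src = record.get("src", "")
    try:
        if ipaddress.ip_address(src) not in ADMIN_NET:
            reasons.append(f"request from non-admin source {src}")
    except ValueError:
        reasons.append(f"unparseable source address {src!r}")
    if not reasons:
        return None
    return {"ts": record.get("ts"), "src": src, "dst": record.get("dst"), "reasons": reasons}


def scan(lines: Iterable[str]) -> List[dict]:
    """Run analyze() over JSON-lines HTTP records and collect the alerts."""
    alerts = []
    for line in lines:
        line = line.strip()
        if line:
            alert = analyze(json.loads(line))
            if alert:
                alerts.append(alert)
    return alerts


# Constructed sample records; field names and the /setIpQosRules path are
# assumptions, not taken from real CP450 traffic.
_RECORDS = [
    {"ts": "2024-05-01T10:00:00Z", "src": "10.0.0.5", "dst": "192.168.1.1", "method": "POST",
     "uri": "/setIpQosRules", "body": "ip=192.168.1.20&upload=1024&download=4096&comment=voip"},
    {"ts": "2024-05-01T10:00:05Z", "src": "10.0.0.5", "dst": "192.168.1.1", "method": "POST",
     "uri": "/setIpQosRules", "body": "ip=" + "A" * 400 + "&upload=1"},
    {"ts": "2024-05-01T10:01:00Z", "src": "203.0.113.7", "dst": "192.168.1.1", "method": "POST",
     "uri": "/setIpQosRules", "body": "ip=192.168.1.21&upload=1&download=1"},
    {"ts": "2024-05-01T10:02:00Z", "src": "10.0.0.5", "dst": "192.168.1.1", "method": "POST",
     "uri": "/setWanSettings", "body": "mode=dhcp"},
    {"ts": "2024-05-01T10:03:00Z", "src": "198.51.100.9", "dst": "192.168.1.1", "method": "POST",
     "uri": "/cgi", "body": json.dumps({"topicurl": "setIpQosRules", "comment": "B" * 300})},
]
SAMPLE_LOG = "\n".join(json.dumps(r) for r in _RECORDS)

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(json.dumps(alert))
```

The source-network check fires on its own, without an oversized value, because a legitimate rule change from outside the admin subnet should not happen either; the body check is what distinguishes an exploit attempt from an admin who simply logged in from the wrong place.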

🔗 References
