CVE-2024-0942
LOWTotolink N200RE V5 9.3.5u.6255_B20211224 - Session Expiration
Title source: llmDescription
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References (5)
Core 5
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.252186
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.252186
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.269679
Third Party Advisory exploit
https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing
Exploit, Third Party Advisory media-coverage
https://youtu.be/b0tU2CiLbnU
Scores
CVSS v3
3.7
EPSS
0.0066
EPSS Percentile
46.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-613
Status
published
Products (1)
totolink/n200re-v5_firmware
9.3.5u.6255_b20211224
Published
Jan 26, 2024
Tracked Since
Feb 18, 2026