PT-2024-24225 · Totolink · Totolink Ex200

Published

2024-04-08

Updated

2025-03-24

CVE-2024-31817

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions TOTOLINK EX200 version 4.0.3c.7646 B20201211

Description The issue allows an attacker to obtain sensitive information without authorization through the function getSysStatusCfg.

Recommendations For TOTOLINK EX200 version 4.0.3c.7646 B20201211, consider disabling the getSysStatusCfg function until a patch is available to prevent unauthorized access to sensitive information.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2025-05845

CVE-2024-31817

Affected Products

Totolink Ex200

PT-2024-24225 · Totolink · Totolink Ex200

CVE-2024-31817

Weakness Enumeration

Related Identifiers

Affected Products

References · 7