EX300_v2
by Totolink
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-32449 | 0.01 | — | 0.18 | Jul 7, 2022 | TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. | |||
| CVE-2021-43663 | 0.00 | — | 0.01 | Mar 30, 2022 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. | |||
| CVE-2021-43662 | 0.00 | — | 0.01 | Mar 30, 2022 | totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. | |||
| CVE-2021-43661 | 0.00 | — | 0.01 | Mar 30, 2022 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. | |||
| CVE-2021-43664 | 0.00 | — | 0.02 | Mar 30, 2022 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. | |||
| CVE-2022-25008 | 0.00 | — | 0.04 | Mar 30, 2022 | totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. |
- CVE-2022-32449Jul 7, 2022risk 0.01cvss —epss 0.18
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.
- CVE-2021-43663Mar 30, 2022risk 0.00cvss —epss 0.01
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.
- CVE-2021-43662Mar 30, 2022risk 0.00cvss —epss 0.01
totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.
- CVE-2021-43661Mar 30, 2022risk 0.00cvss —epss 0.01
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
- CVE-2021-43664Mar 30, 2022risk 0.00cvss —epss 0.02
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo.
- CVE-2022-25008Mar 30, 2022risk 0.00cvss —epss 0.04
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.