EX1200T
by Totolink
CVEs (49)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42887 | Cri | 0.67 | 9.8 | 0.43 | Jun 3, 2022 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||
| CVE-2025-5600 | Cri | 0.64 | 9.8 | 0.01 | Jun 4, 2025 | A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The… | ||
| CVE-2025-28039 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2025 | TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. | ||
| CVE-2025-28038 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2025 | TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. | ||
| CVE-2023-52032 | Cri | 0.64 | 9.8 | 0.02 | Jan 11, 2024 | TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. | ||
| CVE-2023-51035 | Cri | 0.64 | 9.8 | 0.01 | Dec 22, 2023 | TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. | ||
| CVE-2023-51034 | Cri | 0.64 | 9.8 | 0.01 | Dec 22, 2023 | TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | ||
| CVE-2023-51033 | Cri | 0.64 | 9.8 | 0.01 | Dec 22, 2023 | TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | ||
| CVE-2021-42890 | Cri | 0.64 | 9.8 | 0.02 | Jun 3, 2022 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | ||
| CVE-2021-42888 | Cri | 0.64 | 9.8 | 0.02 | Jun 3, 2022 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | ||
| CVE-2021-42885 | Cri | 0.64 | 9.8 | 0.02 | Jun 3, 2022 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | ||
| CVE-2021-42884 | Cri | 0.64 | 9.8 | 0.02 | Jun 3, 2022 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. | ||
| CVE-2021-42875 | Cri | 0.64 | 9.8 | 0.05 | Jun 2, 2022 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. | ||
| CVE-2021-42872 | Cri | 0.64 | 9.8 | 0.08 | Jun 2, 2022 | TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. | ||
| CVE-2025-5907 | Hig | 0.58 | 8.8 | 0.04 | Jun 10, 2025 | A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be… | ||
| CVE-2025-5792 | Hig | 0.58 | 8.8 | 0.04 | Jun 6, 2025 | A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url… | ||
| CVE-2022-25008 | Hig | 0.58 | 8.8 | 0.04 | Mar 30, 2022 | totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. | ||
| CVE-2025-6568 | Hig | 0.57 | 8.8 | 0.01 | Jun 24, 2025 | A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow.… | ||
| CVE-2025-6393 | Hig | 0.57 | 8.8 | 0.01 | Jun 21, 2025 | A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component… | ||
| CVE-2025-6336 | Hig | 0.57 | 8.8 | 0.01 | Jun 20, 2025 | A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer… |
- risk 0.67cvss 9.8epss 0.43
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
- risk 0.64cvss 9.8epss 0.01
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The…
- risk 0.64cvss 9.8epss 0.01
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter.
- risk 0.64cvss 9.8epss 0.01
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter.
- risk 0.64cvss 9.8epss 0.02
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
- risk 0.64cvss 9.8epss 0.01
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.
- risk 0.64cvss 9.8epss 0.01
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.
- risk 0.64cvss 9.8epss 0.01
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.
- risk 0.64cvss 9.8epss 0.05
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.
- risk 0.64cvss 9.8epss 0.08
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.
- risk 0.58cvss 8.8epss 0.04
A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be…
- risk 0.58cvss 8.8epss 0.04
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url…
- risk 0.58cvss 8.8epss 0.04
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.
- risk 0.57cvss 8.8epss 0.01
A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow.…
- risk 0.57cvss 8.8epss 0.01
A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component…
- risk 0.57cvss 8.8epss 0.01
A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer…
Page 1 of 3