CPE CP900
by Totolink
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7464 | | | 0.03 | — | 0.38 | | Aug 5, 2024 | A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated… |
| CVE-2025-44837 | | | 0.01 | — | 0.10 | | May 1, 2025 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2025-44854 | | | 0.01 | — | 0.10 | | May 1, 2025 | TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2025-44838 | | | 0.01 | — | 0.10 | | May 1, 2025 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2025-44836 | | | 0.01 | — | 0.10 | | May 1, 2025 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2024-7463 | | | 0.01 | — | 0.10 | | Aug 5, 2024 | A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The… |
| CVE-2022-28495 | | | 0.01 | — | 0.07 | | Mar 24, 2023 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28497 | | | 0.00 | — | 0.02 | | Mar 23, 2023 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28493 | | | 0.00 | — | 0.00 | | Mar 23, 2023 | A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service, |
| CVE-2022-28494 | | | 0.00 | — | 0.06 | | Mar 23, 2023 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28496 | | | 0.00 | — | 0.02 | | Mar 23, 2023 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28491 | | | 0.00 | — | 0.06 | | Mar 23, 2023 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28492 | | | 0.00 | — | 0.01 | | Mar 23, 2023 | TOTOLINK Technology CPE with firmware V6.3c.566 allows remote attackers to bypass Login. |