EX200
by Totolink
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43711 | Cri | 0.67 | 9.8 | 0.36 | Jan 4, 2022 | The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution. | ||
| CVE-2024-31810 | Cri | 0.64 | 9.8 | 0.01 | May 14, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||
| CVE-2024-31807 | Cri | 0.64 | 9.8 | 0.01 | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. | ||
| CVE-2024-31815 | Cri | 0.59 | 9.1 | 0.01 | Apr 8, 2024 | In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh | ||
| CVE-2024-31814 | Hig | 0.58 | 8.8 | 0.09 | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. | ||
| CVE-2024-7336 | Hig | 0.57 | 8.8 | 0.01 | Aug 1, 2024 | A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched… | ||
| CVE-2024-7335 | Hig | 0.57 | 8.8 | 0.01 | Aug 1, 2024 | A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to… | ||
| CVE-2024-31809 | Hig | 0.57 | 8.8 | 0.01 | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. | ||
| CVE-2024-31808 | Hig | 0.57 | 8.8 | 0.01 | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | ||
| CVE-2024-31813 | Hig | 0.55 | 8.4 | 0.00 | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. | ||
| CVE-2024-31817 | Hig | 0.53 | 7.5 | 0.55 | Apr 8, 2024 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. | ||
| CVE-2024-31811 | Hig | 0.52 | 8.0 | 0.01 | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. | ||
| CVE-2024-31816 | Hig | 0.49 | 7.5 | 0.03 | Apr 8, 2024 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. | ||
| CVE-2024-32326 | Med | 0.44 | 6.8 | 0.01 | Apr 18, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. | ||
| CVE-2024-53333 | Med | 0.42 | 6.3 | 0.19 | Nov 21, 2024 | TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter. | ||
| CVE-2024-31812 | Med | 0.42 | 6.5 | 0.00 | Apr 8, 2024 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. | ||
| CVE-2024-31806 | Med | 0.42 | 6.5 | 0.00 | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. | ||
| CVE-2024-31805 | Med | 0.42 | 6.5 | 0.01 | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. | ||
| CVE-2026-11620 | Med | 0.34 | 5.3 | 0.00 | Jun 9, 2026 | A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been… | ||
| CVE-2024-32325 | Low | 0.16 | 2.4 | 0.00 | Apr 18, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. |
- risk 0.67cvss 9.8epss 0.36
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.
- risk 0.64cvss 9.8epss 0.01
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
- risk 0.64cvss 9.8epss 0.01
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.
- risk 0.59cvss 9.1epss 0.01
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh
- risk 0.58cvss 8.8epss 0.09
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
- risk 0.57cvss 8.8epss 0.01
A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched…
- risk 0.57cvss 8.8epss 0.01
A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to…
- risk 0.57cvss 8.8epss 0.01
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.
- risk 0.57cvss 8.8epss 0.01
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
- risk 0.55cvss 8.4epss 0.00
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.
- risk 0.53cvss 7.5epss 0.55
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.
- risk 0.52cvss 8.0epss 0.01
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.
- risk 0.49cvss 7.5epss 0.03
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.
- risk 0.44cvss 6.8epss 0.01
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.
- risk 0.42cvss 6.3epss 0.19
TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.
- risk 0.42cvss 6.5epss 0.00
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.
- risk 0.42cvss 6.5epss 0.00
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.
- risk 0.42cvss 6.5epss 0.01
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function.
- risk 0.34cvss 5.3epss 0.00
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been…
- risk 0.16cvss 2.4epss 0.00
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.