VYPR

EX200

by Totolink

CVEs (20)

  • CVE-2021-43711CriJan 4, 2022
    risk 0.67cvss 9.8epss 0.36

    The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.

  • CVE-2024-31810CriMay 14, 2024
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2024-31807CriApr 8, 2024
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.

  • CVE-2024-31815CriApr 8, 2024
    risk 0.59cvss 9.1epss 0.01

    In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh

  • CVE-2024-31814HigApr 8, 2024
    risk 0.58cvss 8.8epss 0.09

    TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.

  • CVE-2024-7336HigAug 1, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched…

  • CVE-2024-7335HigAug 1, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to…

  • CVE-2024-31809HigApr 8, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.

  • CVE-2024-31808HigApr 8, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.

  • CVE-2024-31813HigApr 8, 2024
    risk 0.55cvss 8.4epss 0.00

    TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.

  • CVE-2024-31817HigApr 8, 2024
    risk 0.53cvss 7.5epss 0.55

    In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.

  • CVE-2024-31811HigApr 8, 2024
    risk 0.52cvss 8.0epss 0.01

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.

  • CVE-2024-31816HigApr 8, 2024
    risk 0.49cvss 7.5epss 0.03

    In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.

  • CVE-2024-32326MedApr 18, 2024
    risk 0.44cvss 6.8epss 0.01

    TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.

  • CVE-2024-53333MedNov 21, 2024
    risk 0.42cvss 6.3epss 0.19

    TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.

  • CVE-2024-31812MedApr 8, 2024
    risk 0.42cvss 6.5epss 0.00

    In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.

  • CVE-2024-31806MedApr 8, 2024
    risk 0.42cvss 6.5epss 0.00

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.

  • CVE-2024-31805MedApr 8, 2024
    risk 0.42cvss 6.5epss 0.01

    TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function.

  • CVE-2026-11620MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.00

    A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2024-32325LowApr 18, 2024
    risk 0.16cvss 2.4epss 0.00

    TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.