VYPR

CP450

by Totolink

CVEs (20)

  • CVE-2024-7332CriAug 1, 2024
    risk 0.65cvss 9.8epss 0.21

    A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to…

  • CVE-2024-34213CriMay 14, 2024
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.

  • CVE-2024-34209CriMay 14, 2024
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.

  • CVE-2024-34204CriMay 14, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.

  • CVE-2024-34219HigMay 14, 2024
    risk 0.58cvss 8.6epss 0.21

    TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.

  • CVE-2024-7465HigAug 5, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack…

  • CVE-2024-34211HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

  • CVE-2024-34207HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function.

  • CVE-2024-34200HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.

  • CVE-2024-34217HigMay 14, 2024
    risk 0.50cvss 7.7epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function.

  • CVE-2024-34210HigMay 14, 2024
    risk 0.48cvss 7.3epss 0.01

    TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.

  • CVE-2024-34205HigMay 14, 2024
    risk 0.48cvss 7.3epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.

  • CVE-2024-34215HigMay 14, 2024
    risk 0.47cvss 7.3epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function.

  • CVE-2024-34212HigMay 14, 2024
    risk 0.47cvss 7.3epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function.

  • CVE-2024-34201HigMay 14, 2024
    risk 0.47cvss 7.3epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.

  • CVE-2024-34206MedMay 14, 2024
    risk 0.42cvss 6.5epss 0.01

    TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter.

  • CVE-2024-34202MedMay 14, 2024
    risk 0.42cvss 6.5epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.

  • CVE-2026-11554MedJun 8, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly…

  • CVE-2024-34218LowMay 14, 2024
    risk 0.26cvss 3.8epss 0.18

    TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.

  • CVE-2024-34203LowMay 14, 2024
    risk 0.25cvss 3.8epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.