CP450
by Totolink
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7332 | Cri | 0.65 | 9.8 | 0.21 | Aug 1, 2024 | A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to… | ||
| CVE-2024-34213 | Cri | 0.64 | 9.8 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function. | ||
| CVE-2024-34209 | Cri | 0.64 | 9.8 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. | ||
| CVE-2024-34204 | Cri | 0.64 | 9.8 | 0.02 | May 14, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | ||
| CVE-2024-34219 | Hig | 0.58 | 8.6 | 0.21 | May 14, 2024 | TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. | ||
| CVE-2024-7465 | Hig | 0.57 | 8.8 | 0.01 | Aug 5, 2024 | A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack… | ||
| CVE-2024-34211 | Hig | 0.57 | 8.8 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | ||
| CVE-2024-34207 | Hig | 0.57 | 8.8 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. | ||
| CVE-2024-34200 | Hig | 0.57 | 8.8 | 0.01 | May 14, 2024 | TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. | ||
| CVE-2024-34217 | Hig | 0.50 | 7.7 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. | ||
| CVE-2024-34210 | Hig | 0.48 | 7.3 | 0.01 | May 14, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. | ||
| CVE-2024-34205 | Hig | 0.48 | 7.3 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. | ||
| CVE-2024-34215 | Hig | 0.47 | 7.3 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function. | ||
| CVE-2024-34212 | Hig | 0.47 | 7.3 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. | ||
| CVE-2024-34201 | Hig | 0.47 | 7.3 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. | ||
| CVE-2024-34206 | Med | 0.42 | 6.5 | 0.01 | May 14, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | ||
| CVE-2024-34202 | Med | 0.42 | 6.5 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. | ||
| CVE-2026-11554 | Med | 0.28 | 4.3 | 0.00 | Jun 8, 2026 | A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly… | ||
| CVE-2024-34218 | Low | 0.26 | 3.8 | 0.18 | May 14, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. | ||
| CVE-2024-34203 | Low | 0.25 | 3.8 | 0.01 | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. |
- risk 0.65cvss 9.8epss 0.21
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to…
- risk 0.64cvss 9.8epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.
- risk 0.64cvss 9.8epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.
- risk 0.58cvss 8.6epss 0.21
TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.
- risk 0.57cvss 8.8epss 0.01
A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack…
- risk 0.57cvss 8.8epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
- risk 0.57cvss 8.8epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function.
- risk 0.57cvss 8.8epss 0.01
TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.
- risk 0.50cvss 7.7epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function.
- risk 0.48cvss 7.3epss 0.01
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.
- risk 0.48cvss 7.3epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.
- risk 0.47cvss 7.3epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function.
- risk 0.47cvss 7.3epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function.
- risk 0.47cvss 7.3epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.
- risk 0.42cvss 6.5epss 0.01
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter.
- risk 0.42cvss 6.5epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.
- risk 0.28cvss 4.3epss 0.00
A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly…
- risk 0.26cvss 3.8epss 0.18
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.
- risk 0.25cvss 3.8epss 0.01
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.