CP450
by Totolink
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7332 | 0.07 | — | 0.89 | Aug 1, 2024 | A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||
| CVE-2024-34218 | 0.01 | — | 0.08 | May 9, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. | |||
| CVE-2024-7465 | 0.00 | — | 0.00 | Aug 5, 2024 | A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||
| CVE-2024-34209 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. | |||
| CVE-2024-34213 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function. | |||
| CVE-2024-34200 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. | |||
| CVE-2024-34201 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. | |||
| CVE-2024-34202 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. | |||
| CVE-2024-34203 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. | |||
| CVE-2024-34204 | 0.00 | — | 0.05 | May 9, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | |||
| CVE-2024-34205 | 0.00 | — | 0.05 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. | |||
| CVE-2024-34206 | 0.00 | — | 0.02 | May 9, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | |||
| CVE-2024-34207 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. | |||
| CVE-2024-34217 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. | |||
| CVE-2024-34215 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function. | |||
| CVE-2024-34210 | 0.00 | — | 0.03 | May 9, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. | |||
| CVE-2024-34211 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | |||
| CVE-2024-34212 | 0.00 | — | 0.00 | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. | |||
| CVE-2024-34219 | 0.00 | — | 0.03 | May 9, 2024 | TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. |
- CVE-2024-7332Aug 1, 2024risk 0.07cvss —epss 0.89
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
- CVE-2024-34218May 9, 2024risk 0.01cvss —epss 0.08
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.
- CVE-2024-7465Aug 5, 2024risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
- CVE-2024-34209May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.
- CVE-2024-34213May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.
- CVE-2024-34200May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.
- CVE-2024-34201May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.
- CVE-2024-34202May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.
- CVE-2024-34203May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.
- CVE-2024-34204May 9, 2024risk 0.00cvss —epss 0.05
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.
- CVE-2024-34205May 9, 2024risk 0.00cvss —epss 0.05
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.
- CVE-2024-34206May 9, 2024risk 0.00cvss —epss 0.02
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter.
- CVE-2024-34207May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function.
- CVE-2024-34217May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function.
- CVE-2024-34215May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function.
- CVE-2024-34210May 9, 2024risk 0.00cvss —epss 0.03
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.
- CVE-2024-34211May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
- CVE-2024-34212May 9, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function.
- CVE-2024-34219May 9, 2024risk 0.00cvss —epss 0.03
TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.