CP300
by Totolink
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-31856 | 0.02 | — | 0.03 | May 16, 2023 | A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet. | |||
| CVE-2024-36782 | 0.00 | — | 0.00 | Jun 3, 2024 | TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | |||
| CVE-2023-36954 | 0.00 | — | 0.02 | Oct 16, 2023 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | |||
| CVE-2023-36953 | 0.00 | — | 0.02 | Oct 16, 2023 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | |||
| CVE-2023-36955 | 0.00 | — | 0.01 | Oct 16, 2023 | TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. | |||
| CVE-2023-36952 | 0.00 | — | 0.01 | Oct 16, 2023 | TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg. | |||
| CVE-2023-34669 | 0.00 | — | 0.01 | Jul 17, 2023 | TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. |
- CVE-2023-31856May 16, 2023risk 0.02cvss —epss 0.03
A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet.
- CVE-2024-36782Jun 3, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
- CVE-2023-36954Oct 16, 2023risk 0.00cvss —epss 0.02
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.
- CVE-2023-36953Oct 16, 2023risk 0.00cvss —epss 0.02
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.
- CVE-2023-36955Oct 16, 2023risk 0.00cvss —epss 0.01
TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
- CVE-2023-36952Oct 16, 2023risk 0.00cvss —epss 0.01
TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg.
- CVE-2023-34669Jul 17, 2023risk 0.00cvss —epss 0.01
TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.