VYPR

CP300

by Totolink

CVEs (7)

  • CVE-2023-31856May 16, 2023
    risk 0.02cvss epss 0.03

    A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet.

  • CVE-2024-36782Jun 3, 2024
    risk 0.00cvss epss 0.00

    TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

  • CVE-2023-36954Oct 16, 2023
    risk 0.00cvss epss 0.02

    TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.

  • CVE-2023-36953Oct 16, 2023
    risk 0.00cvss epss 0.02

    TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.

  • CVE-2023-36955Oct 16, 2023
    risk 0.00cvss epss 0.01

    TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.

  • CVE-2023-36952Oct 16, 2023
    risk 0.00cvss epss 0.01

    TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg.

  • CVE-2023-34669Jul 17, 2023
    risk 0.00cvss epss 0.01

    TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.