CP900L
by Totolink
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-35401 | 0.00 | — | 0.01 | May 28, 2024 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | |||
| CVE-2024-35403 | 0.00 | — | 0.00 | May 28, 2024 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules | |||
| CVE-2024-35400 | 0.00 | — | 0.01 | May 28, 2024 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules | |||
| CVE-2024-35399 | 0.00 | — | 0.00 | May 28, 2024 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth | |||
| CVE-2024-35398 | 0.00 | — | 0.01 | May 28, 2024 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules. | |||
| CVE-2024-35397 | 0.00 | — | 0.19 | May 28, 2024 | TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||
| CVE-2024-35395 | 0.00 | — | 0.00 | May 24, 2024 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | |||
| CVE-2024-35396 | 0.00 | — | 0.01 | May 24, 2024 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. |
- CVE-2024-35401May 28, 2024risk 0.00cvss —epss 0.01
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
- CVE-2024-35403May 28, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules
- CVE-2024-35400May 28, 2024risk 0.00cvss —epss 0.01
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules
- CVE-2024-35399May 28, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth
- CVE-2024-35398May 28, 2024risk 0.00cvss —epss 0.01
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.
- CVE-2024-35397May 28, 2024risk 0.00cvss —epss 0.19
TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
- CVE-2024-35395May 24, 2024risk 0.00cvss —epss 0.00
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
- CVE-2024-35396May 24, 2024risk 0.00cvss —epss 0.01
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.