VYPR

CP900L

by Totolink

CVEs (8)

  • CVE-2024-35401May 28, 2024
    risk 0.00cvss epss 0.01

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

  • CVE-2024-35403May 28, 2024
    risk 0.00cvss epss 0.00

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules

  • CVE-2024-35400May 28, 2024
    risk 0.00cvss epss 0.01

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules

  • CVE-2024-35399May 28, 2024
    risk 0.00cvss epss 0.00

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth

  • CVE-2024-35398May 28, 2024
    risk 0.00cvss epss 0.01

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.

  • CVE-2024-35397May 28, 2024
    risk 0.00cvss epss 0.19

    TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2024-35395May 24, 2024
    risk 0.00cvss epss 0.00

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

  • CVE-2024-35396May 24, 2024
    risk 0.00cvss epss 0.01

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.