Totolink

All CVEs

1,201 total · sorted by risk
  • CVE-2024-57012 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.

  • CVE-2024-57019 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg.

  • CVE-2024-57025 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg.

  • CVE-2024-57011 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg.

  • CVE-2024-57018 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg.

  • CVE-2024-57024 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.

  • CVE-2024-57022 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.

  • CVE-2024-57021 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.

  • CVE-2024-57020 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg.

  • CVE-2024-57016 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg.

  • CVE-2024-57017 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.

  • CVE-2024-57015 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg.

  • CVE-2024-57212 · Jan 10, 2025
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.

  • CVE-2024-57213 · Jan 10, 2025
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.

  • CVE-2024-57214 · Jan 10, 2025
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.

  • CVE-2024-57211 · Jan 10, 2025
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.

  • CVE-2024-54907 · Dec 26, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc.

  • CVE-2024-12352 · Dec 9, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be…

  • CVE-2024-52723 · Nov 22, 2024
    risk 0.00 · cvss · epss 0.01

    In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

  • CVE-2024-53335 · Nov 21, 2024
    risk 0.00 · cvss · epss 0.00

    TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi.

  • CVE-2024-53334 · Nov 21, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi.

  • CVE-2024-53333 · Nov 21, 2024
    risk 0.00 · cvss · epss 0.19

    TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.

  • CVE-2024-51141 · Nov 15, 2024
    risk 0.00 · cvss · epss 0.00

    An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components.

  • CVE-2024-10966 · Nov 7, 2024
    risk 0.00 · cvss · epss 0.03

    A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may…

  • CVE-2024-10654 · Nov 1, 2024
    risk 0.00 · cvss · epss 0.02

    A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The…

  • CVE-2024-9001 · Sep 19, 2024
    risk 0.00 · cvss · epss 0.04

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be…

  • CVE-2024-46419 · Sep 16, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.

  • CVE-2024-46424 · Sep 16, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter.

  • CVE-2024-8869 · Sep 15, 2024
    risk 0.00 · cvss · epss 0.02

    A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is…

  • CVE-2024-8580 · Sep 8, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an…

  • CVE-2024-8579 · Sep 8, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the…

  • CVE-2024-8578 · Sep 8, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be…

  • CVE-2024-8577 · Sep 8, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to…

  • CVE-2024-8576 · Sep 8, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow.…

  • CVE-2024-8575 · Sep 8, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated…

  • CVE-2024-8574 · Sep 8, 2024
    risk 0.00 · cvss · epss 0.03

    A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The…

  • CVE-2024-8573 · Sep 8, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to…

  • CVE-2024-34198 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying…

  • CVE-2024-34195 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow…

  • CVE-2024-8162 · Aug 26, 2024
    risk 0.00 · cvss · epss 0.02

    A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to…

  • CVE-2024-8079 · Aug 22, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this…

  • CVE-2024-8078 · Aug 22, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted…

  • CVE-2024-8077 · Aug 22, 2024
    risk 0.00 · cvss · epss 0.03

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted…

  • CVE-2024-8076 · Aug 22, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about…

  • CVE-2024-8075 · Aug 22, 2024
    risk 0.00 · cvss · epss 0.02

    A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was…

  • CVE-2024-7909 · Aug 18, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer…

  • CVE-2024-7908 · Aug 18, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible…

  • CVE-2024-7907 · Aug 18, 2024
    risk 0.00 · cvss · epss 0.06

    A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be…

  • CVE-2024-42966 · Aug 15, 2024
    risk 0.00 · cvss · epss 0.01

    Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.

  • CVE-2024-42967 · Aug 15, 2024
    risk 0.00 · cvss · epss 0.01

    Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.