Totolink

All CVEs

1,201 total · sorted by risk
  • CVE-2024-7154 · Jul 28, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to…

  • CVE-2024-41317 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.

  • CVE-2024-41315 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.

  • CVE-2024-41316 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.

  • CVE-2024-41320 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.

  • CVE-2024-41318 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.

  • CVE-2024-41314 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.

  • CVE-2024-37626 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.02

    A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.

  • CVE-2024-37639 · Jun 14, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules.

  • CVE-2024-37640 · Jun 14, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg.

  • CVE-2024-37637 · Jun 14, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg.

  • CVE-2024-37631 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule.

  • CVE-2024-37635 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg.

  • CVE-2024-37634 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.

  • CVE-2024-37633 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg.

  • CVE-2024-37632 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth.

  • CVE-2024-36650 · Jun 11, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing…

  • CVE-2024-36782 · Jun 3, 2024
    risk 0.00 · cvss · epss 0.00

    TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

  • CVE-2024-36783 · Jun 3, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.

  • CVE-2024-35401 · May 28, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

  • CVE-2024-35403 · May 28, 2024
    risk 0.00 · cvss · epss 0.00

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules.

  • CVE-2024-35400 · May 28, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules.

  • CVE-2024-35399 · May 28, 2024
    risk 0.00 · cvss · epss 0.00

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth.

  • CVE-2024-35398 · May 28, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.

  • CVE-2024-35397 · May 28, 2024
    risk 0.00 · cvss · epss 0.19

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2024-35388 · May 24, 2024
    risk 0.00 · cvss · epss 0.03

    TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode.

  • CVE-2024-35395 · May 24, 2024
    risk 0.00 · cvss · epss 0.00

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

  • CVE-2024-35396 · May 24, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.

  • CVE-2024-32355 · May 14, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function.

  • CVE-2024-32354 · May 14, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

  • CVE-2024-32353 · May 14, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

  • CVE-2024-32352 · May 14, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.

  • CVE-2024-32351 · May 14, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary.

  • CVE-2024-32350 · May 14, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary.

  • CVE-2024-32349 · May 14, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary.

  • CVE-2024-31810 · May 13, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2024-33433 · May 13, 2024
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page.

  • CVE-2024-35099 · May 13, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.

  • CVE-2024-34209 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.

  • CVE-2024-34213 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.

  • CVE-2024-34200 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.

  • CVE-2024-34201 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.

  • CVE-2024-34202 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.

  • CVE-2024-34203 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.

  • CVE-2024-34204 · May 9, 2024
    risk 0.00 · cvss · epss 0.02

    TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.

  • CVE-2024-34205 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.

  • CVE-2024-34206 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter.

  • CVE-2024-34207 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function.

  • CVE-2024-34217 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function.

  • CVE-2024-34215 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function.
