Vendor CVEs
Totolink
All CVEs
1,201 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34210 | | | 0.00 | — | 0.01 | | May 9, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. |
| CVE-2024-34211 | | | 0.00 | — | 0.01 | | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. |
| CVE-2024-34212 | | | 0.00 | — | 0.01 | | May 9, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. |
| CVE-2024-34219 | | | 0.00 | — | 0.21 | | May 9, 2024 | TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. |
| CVE-2024-34196 | | | 0.00 | — | 0.01 | | May 8, 2024 | Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the… |
| CVE-2024-34308 | | | 0.00 | — | 0.01 | | May 8, 2024 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode. |
| CVE-2024-33820 | | | 0.00 | — | 0.01 | | May 1, 2024 | Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow. |
| CVE-2024-32332 | | | 0.00 | — | 0.00 | | Apr 18, 2024 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. |
| CVE-2024-32325 | | | 0.00 | — | 0.00 | | Apr 18, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. |
| CVE-2024-32333 | | | 0.00 | — | 0.01 | | Apr 18, 2024 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. |
| CVE-2024-32326 | | | 0.00 | — | 0.01 | | Apr 18, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. |
| CVE-2024-32334 | | | 0.00 | — | 0.00 | | Apr 18, 2024 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. |
| CVE-2024-32327 | | | 0.00 | — | 0.00 | | Apr 18, 2024 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. |
| CVE-2024-32335 | | | 0.00 | — | 0.00 | | Apr 18, 2024 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. |
| CVE-2024-31814 | | | 0.00 | — | 0.09 | | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. |
| CVE-2024-31805 | | | 0.00 | — | 0.01 | | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. |
| CVE-2024-31812 | | | 0.00 | — | 0.00 | | Apr 8, 2024 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. |
| CVE-2024-31811 | | | 0.00 | — | 0.01 | | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. |
| CVE-2024-31809 | | | 0.00 | — | 0.01 | | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. |
| CVE-2024-31813 | | | 0.00 | — | 0.00 | | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. |
| CVE-2024-31806 | | | 0.00 | — | 0.00 | | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. |
| CVE-2024-31815 | | | 0.00 | — | 0.01 | | Apr 8, 2024 | In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh |
| CVE-2024-31808 | | | 0.00 | — | 0.01 | | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. |
| CVE-2024-31807 | | | 0.00 | — | 0.01 | | Apr 8, 2024 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. |
| CVE-2024-31816 | | | 0.00 | — | 0.03 | | Apr 8, 2024 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. |
| CVE-2024-27521 | | | 0.00 | — | 0.01 | | Mar 26, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail,… |
| CVE-2024-28402 | | | 0.00 | — | 0.00 | | Mar 21, 2024 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. |
| CVE-2024-29419 | | | 0.00 | — | 0.00 | | Mar 20, 2024 | There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. |
| CVE-2024-28639 | | | 0.00 | — | 0.01 | | Mar 16, 2024 | Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. |
| CVE-2024-28403 | | | 0.00 | — | 0.00 | | Mar 15, 2024 | TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page. |
| CVE-2024-28404 | | | 0.00 | — | 0.00 | | Mar 15, 2024 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. |
| CVE-2024-28401 | | | 0.00 | — | 0.00 | | Mar 15, 2024 | TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. |
| CVE-2024-28338 | | | 0.00 | — | 0.01 | | Mar 12, 2024 | A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie. |
| CVE-2024-1783 | | | 0.00 | — | 0.02 | | Feb 23, 2024 | A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to… |
| CVE-2024-1661 | | | 0.00 | — | 0.00 | | Feb 20, 2024 | A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local… |
| CVE-2024-25468 | | | 0.00 | — | 0.01 | | Feb 17, 2024 | An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. |
| CVE-2024-24333 | | | 0.00 | — | 0.02 | | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. |
| CVE-2024-24331 | | | 0.00 | — | 0.02 | | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. |
| CVE-2024-24332 | | | 0.00 | — | 0.02 | | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. |
| CVE-2024-24324 | | | 0.00 | — | 0.01 | | Jan 30, 2024 | TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. |
| CVE-2024-24327 | | | 0.00 | — | 0.02 | | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. |
| CVE-2024-24325 | | | 0.00 | — | 0.02 | | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. |
| CVE-2024-24330 | | | 0.00 | — | 0.02 | | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. |
| CVE-2024-24326 | | | 0.00 | — | 0.02 | | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. |
| CVE-2024-1004 | | | 0.00 | — | 0.01 | | Jan 29, 2024 | A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139_B20201216. This affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to… |
| CVE-2024-1003 | | | 0.00 | — | 0.01 | | Jan 29, 2024 | A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The… |
| CVE-2024-1002 | | | 0.00 | — | 0.01 | | Jan 29, 2024 | A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this vulnerability is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ePort leads to stack-based buffer overflow. The… |
| CVE-2024-1001 | | | 0.00 | — | 0.01 | | Jan 29, 2024 | A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has… |
| CVE-2024-1000 | | | 0.00 | — | 0.01 | | Jan 29, 2024 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. The attack may be… |
| CVE-2024-0999 | | | 0.00 | — | 0.01 | | Jan 29, 2024 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument eTime leads to stack-based buffer overflow. The… |