Vendor CVEs
Totolink
All CVEs
1,201 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0998 | 0.00 | — | 0.01 | Jan 29, 2024 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to… | |||
| CVE-2024-0997 | 0.00 | — | 0.01 | Jan 29, 2024 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be… | |||
| CVE-2024-0944 | 0.00 | — | 0.02 | Jan 26, 2024 | A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The… | |||
| CVE-2024-0943 | 0.00 | — | 0.01 | Jan 26, 2024 | A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The… | |||
| CVE-2024-0942 | 0.00 | — | 0.01 | Jan 26, 2024 | A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The… | |||
| CVE-2024-22529 | 0.00 | — | 0.02 | Jan 25, 2024 | TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. | |||
| CVE-2023-52040 | 0.00 | — | 0.01 | Jan 24, 2024 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. | |||
| CVE-2023-52038 | 0.00 | — | 0.01 | Jan 24, 2024 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. | |||
| CVE-2023-52039 | 0.00 | — | 0.01 | Jan 24, 2024 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | |||
| CVE-2024-22662 | 0.00 | — | 0.01 | Jan 23, 2024 | TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules | |||
| CVE-2024-22663 | 0.00 | — | 0.02 | Jan 23, 2024 | TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg | |||
| CVE-2024-22660 | 0.00 | — | 0.01 | Jan 23, 2024 | TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg | |||
| CVE-2024-0579 | 0.00 | — | 0.03 | Jan 16, 2024 | A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be… | |||
| CVE-2024-0578 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch… | |||
| CVE-2024-0577 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be… | |||
| CVE-2024-0576 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been declared as critical. This vulnerability affects the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sPort leads to stack-based buffer overflow. The… | |||
| CVE-2024-0575 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to… | |||
| CVE-2024-0574 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sTime leads to stack-based buffer overflow. The attack may… | |||
| CVE-2024-0573 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The… | |||
| CVE-2024-0572 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to… | |||
| CVE-2024-0571 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be… | |||
| CVE-2024-0570 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely.… | |||
| CVE-2024-0569 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure.… | |||
| CVE-2023-52042 | 0.00 | — | 0.01 | Jan 16, 2024 | An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. | |||
| CVE-2023-52041 | 0.00 | — | 0.01 | Jan 16, 2024 | An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. | |||
| CVE-2023-52026 | 0.00 | — | 0.02 | Jan 12, 2024 | TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface | |||
| CVE-2024-23060 | 0.00 | — | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. | |||
| CVE-2024-23059 | 0.00 | — | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. | |||
| CVE-2024-23057 | 0.00 | — | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. | |||
| CVE-2024-22942 | 0.00 | — | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. | |||
| CVE-2024-23058 | 0.00 | — | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. | |||
| CVE-2024-23061 | 0.00 | — | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. | |||
| CVE-2022-46025 | 0.00 | — | 0.01 | Jan 10, 2024 | Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. | |||
| CVE-2023-7222 | 0.00 | — | 0.01 | Jan 9, 2024 | A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer… | |||
| CVE-2023-7220 | 0.00 | — | 0.01 | Jan 9, 2024 | A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be… | |||
| CVE-2023-7219 | 0.00 | — | 0.01 | Jan 9, 2024 | A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The… | |||
| CVE-2023-7218 | 0.00 | — | 0.01 | Jan 8, 2024 | A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the… | |||
| CVE-2024-0299 | 0.00 | — | 0.04 | Jan 8, 2024 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The… | |||
| CVE-2024-0298 | 0.00 | — | 0.04 | Jan 8, 2024 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the… | |||
| CVE-2024-0297 | 0.00 | — | 0.04 | Jan 8, 2024 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be… | |||
| CVE-2024-0296 | 0.00 | — | 0.04 | Jan 8, 2024 | A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can… | |||
| CVE-2024-0295 | 0.00 | — | 0.04 | Jan 8, 2024 | A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the… | |||
| CVE-2024-0294 | 0.00 | — | 0.04 | Jan 8, 2024 | A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be… | |||
| CVE-2024-0293 | 0.00 | — | 0.05 | Jan 8, 2024 | A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can… | |||
| CVE-2024-0292 | 0.00 | — | 0.05 | Jan 8, 2024 | A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack… | |||
| CVE-2024-0291 | 0.00 | — | 0.04 | Jan 8, 2024 | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be… | |||
| CVE-2023-7214 | 0.00 | — | 0.01 | Jan 7, 2024 | A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8… | |||
| CVE-2023-7213 | 0.00 | — | 0.01 | Jan 7, 2024 | A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33… | |||
| CVE-2023-7208 | 0.00 | — | 0.02 | Jan 7, 2024 | A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE:… | |||
| CVE-2023-7187 | 0.00 | — | 0.01 | Dec 31, 2023 | A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based… |
- CVE-2024-0998Jan 29, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to…
- CVE-2024-0997Jan 29, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be…
- CVE-2024-0944Jan 26, 2024risk 0.00cvss —epss 0.02
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The…
- CVE-2024-0943Jan 26, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The…
- CVE-2024-0942Jan 26, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The…
- CVE-2024-22529Jan 25, 2024risk 0.00cvss —epss 0.02
TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa.
- CVE-2023-52040Jan 24, 2024risk 0.00cvss —epss 0.01
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.
- CVE-2023-52038Jan 24, 2024risk 0.00cvss —epss 0.01
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.
- CVE-2023-52039Jan 24, 2024risk 0.00cvss —epss 0.01
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.
- CVE-2024-22662Jan 23, 2024risk 0.00cvss —epss 0.01
TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules
- CVE-2024-22663Jan 23, 2024risk 0.00cvss —epss 0.02
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg
- CVE-2024-22660Jan 23, 2024risk 0.00cvss —epss 0.01
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg
- CVE-2024-0579Jan 16, 2024risk 0.00cvss —epss 0.03
A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be…
- CVE-2024-0578Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch…
- CVE-2024-0577Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be…
- CVE-2024-0576Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been declared as critical. This vulnerability affects the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sPort leads to stack-based buffer overflow. The…
- CVE-2024-0575Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to…
- CVE-2024-0574Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sTime leads to stack-based buffer overflow. The attack may…
- CVE-2024-0573Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The…
- CVE-2024-0572Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to…
- CVE-2024-0571Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be…
- CVE-2024-0570Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely.…
- CVE-2024-0569Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure.…
- CVE-2023-52042Jan 16, 2024risk 0.00cvss —epss 0.01
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.
- CVE-2023-52041Jan 16, 2024risk 0.00cvss —epss 0.01
An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.
- CVE-2023-52026Jan 12, 2024risk 0.00cvss —epss 0.02
TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface
- CVE-2024-23060Jan 11, 2024risk 0.00cvss —epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
- CVE-2024-23059Jan 11, 2024risk 0.00cvss —epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
- CVE-2024-23057Jan 11, 2024risk 0.00cvss —epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
- CVE-2024-22942Jan 11, 2024risk 0.00cvss —epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
- CVE-2024-23058Jan 11, 2024risk 0.00cvss —epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
- CVE-2024-23061Jan 11, 2024risk 0.00cvss —epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
- CVE-2022-46025Jan 10, 2024risk 0.00cvss —epss 0.01
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page.
- CVE-2023-7222Jan 9, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer…
- CVE-2023-7220Jan 9, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be…
- CVE-2023-7219Jan 9, 2024risk 0.00cvss —epss 0.01
A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The…
- CVE-2023-7218Jan 8, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the…
- CVE-2024-0299Jan 8, 2024risk 0.00cvss —epss 0.04
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The…
- CVE-2024-0298Jan 8, 2024risk 0.00cvss —epss 0.04
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the…
- CVE-2024-0297Jan 8, 2024risk 0.00cvss —epss 0.04
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be…
- CVE-2024-0296Jan 8, 2024risk 0.00cvss —epss 0.04
A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can…
- CVE-2024-0295Jan 8, 2024risk 0.00cvss —epss 0.04
A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the…
- CVE-2024-0294Jan 8, 2024risk 0.00cvss —epss 0.04
A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be…
- CVE-2024-0293Jan 8, 2024risk 0.00cvss —epss 0.05
A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can…
- CVE-2024-0292Jan 8, 2024risk 0.00cvss —epss 0.05
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack…
- CVE-2024-0291Jan 8, 2024risk 0.00cvss —epss 0.04
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be…
- CVE-2023-7214Jan 7, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8…
- CVE-2023-7213Jan 7, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33…
- CVE-2023-7208Jan 7, 2024risk 0.00cvss —epss 0.02
A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE:…
- CVE-2023-7187Dec 31, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based…
Page 18 of 25