Vendor CVEs
Totolink
All CVEs
1,201 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46993 | 0.00 | — | 0.02 | Oct 31, 2023 | In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | |||
| CVE-2023-46976 | 0.00 | — | 0.02 | Oct 31, 2023 | TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. | |||
| CVE-2023-46978 | 0.00 | — | 0.01 | Oct 31, 2023 | TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. | |||
| CVE-2023-46484 | 0.00 | — | 0.01 | Oct 31, 2023 | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. | |||
| CVE-2023-46979 | 0.00 | — | 0.02 | Oct 31, 2023 | TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. | |||
| CVE-2023-46510 | 0.00 | — | 0.01 | Oct 27, 2023 | An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. | |||
| CVE-2023-46413 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function. | |||
| CVE-2023-46408 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function. | |||
| CVE-2023-46418 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function. | |||
| CVE-2023-46563 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. | |||
| CVE-2023-46416 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ The 41A414 function. | |||
| CVE-2023-46421 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function. | |||
| CVE-2023-46417 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function. | |||
| CVE-2023-46555 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. | |||
| CVE-2023-46411 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function. | |||
| CVE-2023-46423 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function. | |||
| CVE-2023-46540 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. | |||
| CVE-2023-46560 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. | |||
| CVE-2023-46420 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function. | |||
| CVE-2023-46553 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl. | |||
| CVE-2023-46543 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey. | |||
| CVE-2023-46546 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats. | |||
| CVE-2023-46562 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. | |||
| CVE-2023-46424 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. | |||
| CVE-2023-46556 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. | |||
| CVE-2023-46544 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl. | |||
| CVE-2023-46552 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP. | |||
| CVE-2023-46419 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function. | |||
| CVE-2023-46415 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function. | |||
| CVE-2023-46414 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ 41D494 function. | |||
| CVE-2023-46548 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect. | |||
| CVE-2023-46564 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. | |||
| CVE-2023-46422 | 0.00 | — | 0.02 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function. | |||
| CVE-2023-46547 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog. | |||
| CVE-2023-46550 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. | |||
| CVE-2023-46545 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc. | |||
| CVE-2023-46559 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr. | |||
| CVE-2023-46409 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function. | |||
| CVE-2023-46412 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function. | |||
| CVE-2023-46554 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel. | |||
| CVE-2023-46541 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. | |||
| CVE-2023-46558 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. | |||
| CVE-2023-46557 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. | |||
| CVE-2023-46542 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. | |||
| CVE-2023-46410 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function. | |||
| CVE-2023-46551 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl. | |||
| CVE-2023-46549 | 0.00 | — | 0.01 | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg. | |||
| CVE-2023-36947 | 0.00 | — | 0.01 | Oct 16, 2023 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. | |||
| CVE-2023-36952 | 0.00 | — | 0.01 | Oct 16, 2023 | TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg. | |||
| CVE-2023-36954 | 0.00 | — | 0.02 | Oct 16, 2023 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. |
- CVE-2023-46993Oct 31, 2023risk 0.00cvss —epss 0.02
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
- CVE-2023-46976Oct 31, 2023risk 0.00cvss —epss 0.02
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
- CVE-2023-46978Oct 31, 2023risk 0.00cvss —epss 0.01
TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication.
- CVE-2023-46484Oct 31, 2023risk 0.00cvss —epss 0.01
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.
- CVE-2023-46979Oct 31, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.
- CVE-2023-46510Oct 27, 2023risk 0.00cvss —epss 0.01
An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function.
- CVE-2023-46413Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.
- CVE-2023-46408Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.
- CVE-2023-46418Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function.
- CVE-2023-46563Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS.
- CVE-2023-46416Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ The 41A414 function.
- CVE-2023-46421Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function.
- CVE-2023-46417Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function.
- CVE-2023-46555Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw.
- CVE-2023-46411Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.
- CVE-2023-46423Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function.
- CVE-2023-46540Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp.
- CVE-2023-46560Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.
- CVE-2023-46420Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function.
- CVE-2023-46553Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl.
- CVE-2023-46543Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey.
- CVE-2023-46546Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats.
- CVE-2023-46562Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg.
- CVE-2023-46424Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.
- CVE-2023-46556Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter.
- CVE-2023-46544Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl.
- CVE-2023-46552Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP.
- CVE-2023-46419Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function.
- CVE-2023-46415Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function.
- CVE-2023-46414Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ 41D494 function.
- CVE-2023-46548Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect.
- CVE-2023-46564Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.
- CVE-2023-46422Oct 25, 2023risk 0.00cvss —epss 0.02
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function.
- CVE-2023-46547Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog.
- CVE-2023-46550Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.
- CVE-2023-46545Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc.
- CVE-2023-46559Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.
- CVE-2023-46409Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function.
- CVE-2023-46412Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function.
- CVE-2023-46554Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel.
- CVE-2023-46541Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup.
- CVE-2023-46558Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.
- CVE-2023-46557Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN.
- CVE-2023-46542Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig.
- CVE-2023-46410Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function.
- CVE-2023-46551Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl.
- CVE-2023-46549Oct 25, 2023risk 0.00cvss —epss 0.01
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg.
- CVE-2023-36947Oct 16, 2023risk 0.00cvss —epss 0.01
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
- CVE-2023-36952Oct 16, 2023risk 0.00cvss —epss 0.01
TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg.
- CVE-2023-36954Oct 16, 2023risk 0.00cvss —epss 0.02
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.
Page 20 of 25