Totolink

All CVEs

1,201 total · sorted by risk
  • CVE-2023-36340 · Oct 16, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

  • CVE-2023-36950 · Oct 16, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

  • CVE-2023-36953 · Oct 16, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.

  • CVE-2023-45984 · Oct 16, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.

  • CVE-2023-36955 · Oct 16, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.

  • CVE-2023-45985 · Oct 16, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2023-43141 · Sep 25, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.

  • CVE-2023-4746 · Sep 4, 2023
    risk 0.00 · cvss · epss 0.03

    A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format…

  • CVE-2023-4412 · Aug 18, 2023
    risk 0.00 · cvss · epss 0.03

    A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and…

  • CVE-2023-4411 · Aug 18, 2023
    risk 0.00 · cvss · epss 0.05

    A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed…

  • CVE-2023-4410 · Aug 18, 2023
    risk 0.00 · cvss · epss 0.03

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed…

  • CVE-2023-40042 · Aug 8, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.

  • CVE-2023-40041 · Aug 8, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.

  • CVE-2023-34669 · Jul 17, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.

  • CVE-2023-37171 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

  • CVE-2023-37172 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

  • CVE-2023-37149 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.

  • CVE-2023-37170 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.

  • CVE-2023-37173 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

  • CVE-2023-37145 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.

  • CVE-2023-37148 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.

  • CVE-2023-37146 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

  • CVE-2023-33556 · Jun 7, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.

  • CVE-2023-33485 · May 31, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function.

  • CVE-2023-33487 · May 31, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter.

  • CVE-2023-33486 · May 31, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter.

  • CVE-2023-2790 · May 18, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is…

  • CVE-2023-31729 · May 18, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.

  • CVE-2023-30053 · May 5, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.

  • CVE-2023-30054 · May 5, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.

  • CVE-2023-27232 · Mar 28, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.

  • CVE-2023-27231 · Mar 28, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.

  • CVE-2023-27229 · Mar 28, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.

  • CVE-2022-28496 · Mar 23, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 was discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2022-28497 · Mar 23, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2022-28493 · Mar 23, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,

  • CVE-2022-28494 · Mar 23, 2023
    risk 0.00 · cvss · epss 0.03

    TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2023-27135 · Mar 23, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.

  • CVE-2022-28491 · Mar 23, 2023
    risk 0.00 · cvss · epss 0.05

    TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2022-28492 · Mar 23, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK Technology CPE with firmware V6.3c.566 allows remote attackers to bypass Login.

  • CVE-2023-25395 · Mar 8, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.

  • CVE-2023-24184 · Feb 21, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.

  • CVE-2023-23064 · Feb 17, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.

  • CVE-2023-24236 · Feb 16, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.

  • CVE-2023-24238 · Feb 16, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.

  • CVE-2023-24276 · Feb 6, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.

  • CVE-2023-24149 · Feb 3, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for root which is stored in the component /etc/shadow.

  • CVE-2023-24155 · Feb 3, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.

  • CVE-2023-24153 · Feb 3, 2023
    risk 0.00 · cvss · epss 0.02

    A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24147 · Feb 3, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service which is stored in the component /etc/config/product.ini.
