Vendor CVEs
Totolink
All CVEs
1,201 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36340 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. |
| CVE-2023-36950 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the http_host parameter in the function loginAuth. |
| CVE-2023-36953 | | | 0.00 | — | 0.02 | | Oct 16, 2023 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. |
| CVE-2023-45984 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. |
| CVE-2023-36955 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. |
| CVE-2023-45985 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2023-43141 | | | 0.00 | — | 0.01 | | Sep 25, 2023 | TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. |
| CVE-2023-4746 | | | 0.00 | — | 0.03 | | Sep 4, 2023 | A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format… |
| CVE-2023-4412 | | | 0.00 | — | 0.03 | | Aug 18, 2023 | A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and… |
| CVE-2023-4411 | | | 0.00 | — | 0.05 | | Aug 18, 2023 | A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed… |
| CVE-2023-4410 | | | 0.00 | — | 0.03 | | Aug 18, 2023 | A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed… |
| CVE-2023-40042 | | | 0.00 | — | 0.01 | | Aug 8, 2023 | TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code. |
| CVE-2023-40041 | | | 0.00 | — | 0.01 | | Aug 8, 2023 | TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code. |
| CVE-2023-34669 | | | 0.00 | — | 0.01 | | Jul 17, 2023 | TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. |
| CVE-2023-37171 | | | 0.00 | — | 0.02 | | Jul 7, 2023 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. |
| CVE-2023-37172 | | | 0.00 | — | 0.02 | | Jul 7, 2023 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. |
| CVE-2023-37149 | | | 0.00 | — | 0.02 | | Jul 7, 2023 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. |
| CVE-2023-37170 | | | 0.00 | — | 0.01 | | Jul 7, 2023 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. |
| CVE-2023-37173 | | | 0.00 | — | 0.02 | | Jul 7, 2023 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. |
| CVE-2023-37145 | | | 0.00 | — | 0.02 | | Jul 7, 2023 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. |
| CVE-2023-37148 | | | 0.00 | — | 0.02 | | Jul 7, 2023 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. |
| CVE-2023-37146 | | | 0.00 | — | 0.02 | | Jul 7, 2023 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. |
| CVE-2023-33556 | | | 0.00 | — | 0.02 | | Jun 7, 2023 | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. |
| CVE-2023-33485 | | | 0.00 | — | 0.01 | | May 31, 2023 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. |
| CVE-2023-33487 | | | 0.00 | — | 0.01 | | May 31, 2023 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. |
| CVE-2023-33486 | | | 0.00 | — | 0.01 | | May 31, 2023 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. |
| CVE-2023-2790 | | | 0.00 | — | 0.00 | | May 18, 2023 | A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is… |
| CVE-2023-31729 | | | 0.00 | — | 0.02 | | May 18, 2023 | TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. |
| CVE-2023-30053 | | | 0.00 | — | 0.02 | | May 5, 2023 | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. |
| CVE-2023-30054 | | | 0.00 | — | 0.02 | | May 5, 2023 | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. |
| CVE-2023-27232 | | | 0.00 | — | 0.02 | | Mar 28, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. |
| CVE-2023-27231 | | | 0.00 | — | 0.02 | | Mar 28, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. |
| CVE-2023-27229 | | | 0.00 | — | 0.02 | | Mar 28, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. |
| CVE-2022-28496 | | | 0.00 | — | 0.01 | | Mar 23, 2023 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 was discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28497 | | | 0.00 | — | 0.01 | | Mar 23, 2023 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28493 | | | 0.00 | — | 0.01 | | Mar 23, 2023 | A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service, |
| CVE-2022-28494 | | | 0.00 | — | 0.03 | | Mar 23, 2023 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2023-27135 | | | 0.00 | — | 0.02 | | Mar 23, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. |
| CVE-2022-28491 | | | 0.00 | — | 0.05 | | Mar 23, 2023 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28492 | | | 0.00 | — | 0.01 | | Mar 23, 2023 | TOTOLINK Technology CPE with firmware V6.3c.566 allows remote attackers to bypass Login. |
| CVE-2023-25395 | | | 0.00 | — | 0.02 | | Mar 8, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. |
| CVE-2023-24184 | | | 0.00 | — | 0.01 | | Feb 21, 2023 | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. |
| CVE-2023-23064 | | | 0.00 | — | 0.01 | | Feb 17, 2023 | TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. |
| CVE-2023-24236 | | | 0.00 | — | 0.02 | | Feb 16, 2023 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. |
| CVE-2023-24238 | | | 0.00 | — | 0.02 | | Feb 16, 2023 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. |
| CVE-2023-24276 | | | 0.00 | — | 0.02 | | Feb 6, 2023 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. |
| CVE-2023-24149 | | | 0.00 | — | 0.01 | | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow. |
| CVE-2023-24155 | | | 0.00 | — | 0.01 | | Feb 3, 2023 | TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. |
| CVE-2023-24153 | | | 0.00 | — | 0.02 | | Feb 3, 2023 | A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. |
| CVE-2023-24147 | | | 0.00 | — | 0.01 | | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini. |