Vendor CVEs
Totolink
All CVEs
1,201 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1781 | 0.01 | — | 0.15 | Feb 23, 2024 | A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been… | |||
| CVE-2023-52030 | 0.01 | — | 0.02 | Jan 11, 2024 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. | |||
| CVE-2023-52032 | 0.01 | — | 0.02 | Jan 11, 2024 | TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. | |||
| CVE-2023-52029 | 0.01 | — | 0.02 | Jan 11, 2024 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. | |||
| CVE-2023-52031 | 0.01 | — | 0.02 | Jan 11, 2024 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. | |||
| CVE-2023-52027 | 0.01 | — | 0.02 | Jan 11, 2024 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. | |||
| CVE-2023-7095 | 0.01 | — | 0.14 | Dec 25, 2023 | A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag… | |||
| CVE-2023-6612 | 0.01 | — | 0.31 | Dec 8, 2023 | A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkC… | |||
| CVE-2023-46977 | 0.01 | — | 0.09 | Oct 31, 2023 | TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth. | |||
| CVE-2023-39618 | 0.01 | — | 0.01 | Aug 21, 2023 | TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. | |||
| CVE-2023-39617 | 0.01 | — | 0.01 | Aug 21, 2023 | TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | |||
| CVE-2023-31569 | 0.01 | — | 0.03 | Jun 6, 2023 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. | |||
| CVE-2023-29799 | 0.01 | — | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | |||
| CVE-2023-29800 | 0.01 | — | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | |||
| CVE-2023-29798 | 0.01 | — | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | |||
| CVE-2023-29802 | 0.01 | — | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | |||
| CVE-2023-29803 | 0.01 | — | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | |||
| CVE-2023-29801 | 0.01 | — | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | |||
| CVE-2023-26848 | 0.01 | — | 0.02 | Apr 7, 2023 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. | |||
| CVE-2023-26978 | 0.01 | — | 0.02 | Apr 7, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. | |||
| CVE-2022-28495 | 0.01 | — | 0.02 | Mar 24, 2023 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||
| CVE-2023-24161 | 0.01 | — | 0.02 | Feb 14, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | |||
| CVE-2023-24159 | 0.01 | — | 0.02 | Feb 14, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. | |||
| CVE-2023-24160 | 0.01 | — | 0.02 | Feb 14, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | |||
| CVE-2023-24156 | 0.01 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24154 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | |||
| CVE-2023-24140 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. | |||
| CVE-2023-24139 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. | |||
| CVE-2023-24148 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. | |||
| CVE-2023-24143 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. | |||
| CVE-2023-24151 | 0.01 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24152 | 0.01 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24142 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. | |||
| CVE-2023-24145 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. | |||
| CVE-2023-24144 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. | |||
| CVE-2023-24150 | 0.01 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24157 | 0.01 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24138 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. | |||
| CVE-2023-24146 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. | |||
| CVE-2023-24141 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. | |||
| CVE-2022-48069 | 0.01 | — | 0.01 | Jan 27, 2023 | Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. | |||
| CVE-2022-48126 | 0.01 | — | 0.02 | Jan 20, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. | |||
| CVE-2022-48125 | 0.01 | — | 0.02 | Jan 20, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. | |||
| CVE-2022-48124 | 0.01 | — | 0.02 | Jan 20, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. | |||
| CVE-2022-48123 | 0.01 | — | 0.02 | Jan 20, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. | |||
| CVE-2022-48121 | 0.01 | — | 0.02 | Jan 20, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. | |||
| CVE-2022-48122 | 0.01 | — | 0.02 | Jan 20, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. | |||
| CVE-2022-47853 | 0.01 | — | 0.02 | Jan 17, 2023 | TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. | |||
| CVE-2022-46634 | 0.01 | — | 0.02 | Dec 15, 2022 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. | |||
| CVE-2022-46631 | 0.01 | — | 0.02 | Dec 15, 2022 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. |
- CVE-2024-1781Feb 23, 2024risk 0.01cvss —epss 0.15
A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been…
- CVE-2023-52030Jan 11, 2024risk 0.01cvss —epss 0.02
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.
- CVE-2023-52032Jan 11, 2024risk 0.01cvss —epss 0.02
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
- CVE-2023-52029Jan 11, 2024risk 0.01cvss —epss 0.02
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function.
- CVE-2023-52031Jan 11, 2024risk 0.01cvss —epss 0.02
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.
- CVE-2023-52027Jan 11, 2024risk 0.01cvss —epss 0.02
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.
- CVE-2023-7095Dec 25, 2023risk 0.01cvss —epss 0.14
A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag…
- CVE-2023-6612Dec 8, 2023risk 0.01cvss —epss 0.31
A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkC…
- CVE-2023-46977Oct 31, 2023risk 0.01cvss —epss 0.09
TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
- CVE-2023-39618Aug 21, 2023risk 0.01cvss —epss 0.01
TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.
- CVE-2023-39617Aug 21, 2023risk 0.01cvss —epss 0.01
TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
- CVE-2023-31569Jun 6, 2023risk 0.01cvss —epss 0.03
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.
- CVE-2023-29799Apr 14, 2023risk 0.01cvss —epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.
- CVE-2023-29800Apr 14, 2023risk 0.01cvss —epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
- CVE-2023-29798Apr 14, 2023risk 0.01cvss —epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
- CVE-2023-29802Apr 14, 2023risk 0.01cvss —epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
- CVE-2023-29803Apr 14, 2023risk 0.01cvss —epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.
- CVE-2023-29801Apr 14, 2023risk 0.01cvss —epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.
- CVE-2023-26848Apr 7, 2023risk 0.01cvss —epss 0.02
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.
- CVE-2023-26978Apr 7, 2023risk 0.01cvss —epss 0.02
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.
- CVE-2022-28495Mar 24, 2023risk 0.01cvss —epss 0.02
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
- CVE-2023-24161Feb 14, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
- CVE-2023-24159Feb 14, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.
- CVE-2023-24160Feb 14, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
- CVE-2023-24156Feb 3, 2023risk 0.01cvss —epss 0.02
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24154Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
- CVE-2023-24140Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function.
- CVE-2023-24139Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.
- CVE-2023-24148Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.
- CVE-2023-24143Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.
- CVE-2023-24151Feb 3, 2023risk 0.01cvss —epss 0.02
A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24152Feb 3, 2023risk 0.01cvss —epss 0.02
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24142Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.
- CVE-2023-24145Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.
- CVE-2023-24144Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function.
- CVE-2023-24150Feb 3, 2023risk 0.01cvss —epss 0.02
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24157Feb 3, 2023risk 0.01cvss —epss 0.02
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24138Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.
- CVE-2023-24146Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function.
- CVE-2023-24141Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.
- CVE-2022-48069Jan 27, 2023risk 0.01cvss —epss 0.01
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter.
- CVE-2022-48126Jan 20, 2023risk 0.01cvss —epss 0.02
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.
- CVE-2022-48125Jan 20, 2023risk 0.01cvss —epss 0.02
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.
- CVE-2022-48124Jan 20, 2023risk 0.01cvss —epss 0.02
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.
- CVE-2022-48123Jan 20, 2023risk 0.01cvss —epss 0.02
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.
- CVE-2022-48121Jan 20, 2023risk 0.01cvss —epss 0.02
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.
- CVE-2022-48122Jan 20, 2023risk 0.01cvss —epss 0.02
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.
- CVE-2022-47853Jan 17, 2023risk 0.01cvss —epss 0.02
TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.
- CVE-2022-46634Dec 15, 2022risk 0.01cvss —epss 0.02
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.
- CVE-2022-46631Dec 15, 2022risk 0.01cvss —epss 0.02
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
Page 6 of 25