Totolink

All CVEs

1,201 total · sorted by risk
  • CVE-2024-1781 · Feb 23, 2024
    risk 0.01 · cvss · epss 0.15

    A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been…

  • CVE-2023-52030 · Jan 11, 2024
    risk 0.01 · cvss · epss 0.02

    TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.

  • CVE-2023-52032 · Jan 11, 2024
    risk 0.01 · cvss · epss 0.02

    TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.

  • CVE-2023-52029 · Jan 11, 2024
    risk 0.01 · cvss · epss 0.02

    TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function.

  • CVE-2023-52031 · Jan 11, 2024
    risk 0.01 · cvss · epss 0.02

    TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.

  • CVE-2023-52027 · Jan 11, 2024
    risk 0.01 · cvss · epss 0.02

    TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.

  • CVE-2023-7095 · Dec 25, 2023
    risk 0.01 · cvss · epss 0.14

    A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag…

  • CVE-2023-6612 · Dec 8, 2023
    risk 0.01 · cvss · epss 0.31

    A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkC…

  • CVE-2023-46977 · Oct 31, 2023
    risk 0.01 · cvss · epss 0.09

    TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth.

  • CVE-2023-39618 · Aug 21, 2023
    risk 0.01 · cvss · epss 0.01

    TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.

  • CVE-2023-39617 · Aug 21, 2023
    risk 0.01 · cvss · epss 0.01

    TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.

  • CVE-2023-31569 · Jun 6, 2023
    risk 0.01 · cvss · epss 0.03

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.

  • CVE-2023-29799 · Apr 14, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.

  • CVE-2023-29800 · Apr 14, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

  • CVE-2023-29798 · Apr 14, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

  • CVE-2023-29802 · Apr 14, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

  • CVE-2023-29803 · Apr 14, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.

  • CVE-2023-29801 · Apr 14, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.

  • CVE-2023-26848 · Apr 7, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.

  • CVE-2023-26978 · Apr 7, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.

  • CVE-2022-28495 · Mar 24, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2023-24161 · Feb 14, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.

  • CVE-2023-24159 · Feb 14, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.

  • CVE-2023-24160 · Feb 14, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

  • CVE-2023-24156 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24154 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.

  • CVE-2023-24140 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function.

  • CVE-2023-24139 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.

  • CVE-2023-24148 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.

  • CVE-2023-24143 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.

  • CVE-2023-24151 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24152 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24142 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.

  • CVE-2023-24145 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.

  • CVE-2023-24144 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function.

  • CVE-2023-24150 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24157 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24138 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.

  • CVE-2023-24146 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function.

  • CVE-2023-24141 · Feb 3, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.

  • CVE-2022-48069 · Jan 27, 2023
    risk 0.01 · cvss · epss 0.01

    Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter.

  • CVE-2022-48126 · Jan 20, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.

  • CVE-2022-48125 · Jan 20, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.

  • CVE-2022-48124 · Jan 20, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.

  • CVE-2022-48123 · Jan 20, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.

  • CVE-2022-48121 · Jan 20, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.

  • CVE-2022-48122 · Jan 20, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.

  • CVE-2022-47853 · Jan 17, 2023
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.

  • CVE-2022-46634 · Dec 15, 2022
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.

  • CVE-2022-46631 · Dec 15, 2022
    risk 0.01 · cvss · epss 0.02

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
