Filtered by vendor Totolink
Subscriptions
Total
703 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-29 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | ||||
| CVE-2023-31856 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2025-01-23 | 9.8 Critical |
| A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet. | ||||
| CVE-2023-31729 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-01-22 | 9.8 Critical |
| TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. | ||||
| CVE-2023-33485 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-10 | 8.8 High |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | ||||
| CVE-2023-33487 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-09 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. | ||||
| CVE-2023-33486 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-09 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. | ||||
| CVE-2023-31569 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-08 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. | ||||
| CVE-2023-33556 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-07 | 9.8 Critical |
| TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. | ||||
| CVE-2024-10966 | 1 Totolink | 2 X18, X18 Firmware | 2024-12-16 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-25468 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-12-16 | 7.5 High |
| An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. | ||||
| CVE-2024-2353 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-12-16 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8079 | 1 Totolink | 3 Ac1200 T8 Firmware, T8, T8 Firmware | 2024-12-13 | 8.8 High |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8078 | 1 Totolink | 3 Ac1200 T8, T8, T8 Firmware | 2024-12-13 | 8.8 High |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8077 | 1 Totolink | 3 Ac1200 T8, T8, T8 Firmware | 2024-12-13 | 6.3 Medium |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8076 | 1 Totolink | 3 Ac1200 T8, T8, T8 Firmware | 2024-12-13 | 8.8 High |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8075 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | 6.3 Medium |
| A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-12352 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-12-10 | 4.3 Medium |
| A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-51228 | 1 Totolink | 4 A3002ru Firmware, N150rt Firmware, N300rt Firmware and 1 more | 2024-11-29 | 6.8 Medium |
| An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component. | ||||
| CVE-2023-43454 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-26 | 9.8 Critical |
| An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. | ||||
| CVE-2023-48801 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-26 | 9.8 Critical |
| In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | ||||