ReportizFlow
Filtered by vendor Totolink
Subscriptions
Total
651 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48810 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48808 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48807 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48806 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48805 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48804 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48803 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48802 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48800 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | ||||
| CVE-2023-48799 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. | ||||
| CVE-2023-48192 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 7.8 High |
| An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. | ||||
| CVE-2023-46993 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | ||||
| CVE-2023-46992 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. | ||||
| CVE-2023-46979 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. | ||||
| CVE-2023-46978 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. | ||||
| CVE-2023-46977 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth. | ||||
| CVE-2023-46976 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. | ||||
| CVE-2023-46574 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 9.8 Critical |
| An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | ||||
| CVE-2023-46564 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. | ||||
| CVE-2023-46563 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. | ||||