ReportizFlow
Filtered by vendor Totolink
Subscriptions
Filtered by product X18 Firmware
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1829 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-03 | 6.3 Medium |
| A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-29803 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | ||||
| CVE-2023-29802 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | ||||
| CVE-2023-29801 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | ||||
| CVE-2023-29800 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | ||||
| CVE-2023-29798 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | ||||
| CVE-2023-29799 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | ||||
| CVE-2024-10966 | 1 Totolink | 2 X18, X18 Firmware | 2024-12-17 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
Page 1 of 1.