ReportizFlow
Filtered by vendor Totolink
Subscriptions
Total
735 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27521 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-04-08 | 8.0 High |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root"). | ||||
| CVE-2024-28404 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-08 | 8.0 High |
| TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | ||||
| CVE-2024-28402 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-08 | 5.9 Medium |
| TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | ||||
| CVE-2025-2369 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-07 | 8.8 High |
| A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2370 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-07 | 8.8 High |
| A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-57023 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-07 | 6.8 Medium |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg. | ||||
| CVE-2024-57024 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-07 | 6.8 Medium |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg. | ||||
| CVE-2024-57025 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-07 | 6.8 Medium |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg. | ||||
| CVE-2024-32326 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-04-07 | 6.8 Medium |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. | ||||
| CVE-2025-25579 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-07 | 9.8 Critical |
| TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. | ||||
| CVE-2022-47853 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-04 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. | ||||
| CVE-2024-35387 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-04 | 9.8 Critical |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. | ||||
| CVE-2024-36783 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-04 | 9.8 Critical |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function. | ||||
| CVE-2025-25604 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | 6.5 Medium |
| Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. | ||||
| CVE-2025-25605 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | 6.5 Medium |
| Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. | ||||
| CVE-2024-34218 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-04 | 3.8 Low |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. | ||||
| CVE-2024-34219 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-04 | 8.6 High |
| TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. | ||||
| CVE-2024-34308 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-04 | 8.8 High |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode. | ||||
| CVE-2024-34921 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | 8.8 High |
| TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function. | ||||
| CVE-2024-53333 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-04-04 | 6.3 Medium |
| TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter. | ||||