ReportizFlow
Filtered by vendor Totolink
Subscriptions
Total
651 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10966 | 1 Totolink | 2 X18, X18 Firmware | 2024-12-17 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-25468 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-12-17 | 7.5 High |
| An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. | ||||
| CVE-2024-2353 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-12-17 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-28639 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2024-12-17 | 9.8 Critical |
| Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. | ||||
| CVE-2024-52723 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-12-17 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload. | ||||
| CVE-2024-8079 | 1 Totolink | 3 Ac1200 T8 Firmware, T8, T8 Firmware | 2024-12-13 | 8.8 High |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8078 | 1 Totolink | 3 Ac1200 T8, T8, T8 Firmware | 2024-12-13 | 8.8 High |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8077 | 1 Totolink | 3 Ac1200 T8, T8, T8 Firmware | 2024-12-13 | 6.3 Medium |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8076 | 1 Totolink | 3 Ac1200 T8, T8, T8 Firmware | 2024-12-13 | 8.8 High |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8075 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | 6.3 Medium |
| A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-12352 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-12-11 | 4.3 Medium |
| A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-51228 | 1 Totolink | 4 A3002ru Firmware, N150rt Firmware, N300rt Firmware and 1 more | 2024-11-29 | 6.8 Medium |
| An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component. | ||||
| CVE-2023-43454 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-26 | 9.8 Critical |
| An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. | ||||
| CVE-2023-48801 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-26 | 9.8 Critical |
| In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | ||||
| CVE-2024-53335 | 1 Totolink | 1 A810r Firmware | 2024-11-26 | 7.8 High |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi. | ||||
| CVE-2023-51020 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-26 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi. | ||||
| CVE-2023-48812 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-26 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2024-53333 | 1 Totolink | 1 Ex200 Firmware | 2024-11-26 | 6.3 Medium |
| TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter. | ||||
| CVE-2024-53334 | 1 Totolink | 1 A810r Firmware | 2024-11-22 | 8.8 High |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi. | ||||
| CVE-2024-7217 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||