Filtered by vendor Totolink
Subscriptions
Total
958 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0573 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2024-11-21 | 8.8 High |
| A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0292 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7222 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-21 | 7.2 High |
| A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7214 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7208 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-21 | 8 High |
| A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7187 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7095 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 9.8 Critical |
| A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-6612 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-52042 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. | ||||
| CVE-2023-52040 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. | ||||
| CVE-2023-51136 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. | ||||
| CVE-2023-51135 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. | ||||
| CVE-2023-51133 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. | ||||
| CVE-2023-51035 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. | ||||
| CVE-2023-51034 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | ||||
| CVE-2023-51033 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | ||||
| CVE-2023-51028 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | ||||
| CVE-2023-51027 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. | ||||
| CVE-2023-51026 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. | ||||
| CVE-2023-51025 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi. | ||||