Filtered by vendor Totolink
Subscribe
Total
970 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2353 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-12-16 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8079 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8078 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8077 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8076 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8075 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-12352 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-12-10 | N/A | 9.8 CRITICAL |
| A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-34669 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2024-10-31 | N/A | 7.5 HIGH |
| TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | |||||
| CVE-2023-45985 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2024-10-30 | N/A | 7.5 HIGH |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2023-46992 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-10-28 | N/A | 7.5 HIGH |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. | |||||
| CVE-2024-42966 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-10-24 | N/A | 9.8 CRITICAL |
| Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | |||||
| CVE-2024-23058 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-10-01 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. | |||||
| CVE-2023-43141 | 1 Totolink | 4 A3700r, A3700r Firmware, N600r and 1 more | 2024-09-25 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. | |||||
| CVE-2024-9001 | 1 Totolink | 2 T10, T10 Firmware | 2024-09-24 | N/A | 8.8 HIGH |
| A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8869 | 1 Totolink | 2 A720r, A720r Firmware | 2024-09-20 | N/A | 8.1 HIGH |
| A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-46451 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-17 | N/A | 9.8 CRITICAL |
| TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | |||||
| CVE-2024-46424 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-17 | N/A | 7.5 HIGH |
| TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. | |||||
| CVE-2024-46419 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-17 | N/A | 9.8 CRITICAL |
| TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. | |||||
| CVE-2023-46424 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-12 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. | |||||
| CVE-2023-36947 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2024-09-12 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. | |||||