Filtered by vendor Totolink
Subscribe
Total
970 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters. | |||||
| CVE-2022-38534 | 1 Totolink | 2 A720r, A720r Firmware | 2023-08-08 | N/A | 7.2 HIGH |
| TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function. | |||||
| CVE-2022-25083 | 1 Totolink | 2 A860r, A860r Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-25080 | 1 Totolink | 2 A830r, A830r Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-28908 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. | |||||
| CVE-2022-28575 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload | |||||
| CVE-2022-25075 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-25076 | 1 Totolink | 2 A800r, A800r Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-25078 | 1 Totolink | 1 A3600r Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-32449 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2023-08-02 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. | |||||
| CVE-2023-37172 | 1 Totolink | 2 A3300r, A3300r Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | |||||
| CVE-2023-37171 | 1 Totolink | 2 A3300r, A3300r Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | |||||
| CVE-2023-37173 | 1 Totolink | 2 A3300r, A3300r Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | |||||
| CVE-2023-37170 | 1 Totolink | 2 A3300r, A3300r Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | |||||
| CVE-2023-37145 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-07-12 | N/A | 9.8 CRITICAL |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | |||||
| CVE-2023-37146 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-07-12 | N/A | 9.8 CRITICAL |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | |||||
| CVE-2023-37148 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-07-12 | N/A | 9.8 CRITICAL |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. | |||||
| CVE-2023-37149 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-07-12 | N/A | 9.8 CRITICAL |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. | |||||
| CVE-2023-29799 | 1 Totolink | 2 X18, X18 Firmware | 2023-04-21 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | |||||
| CVE-2022-28496 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2023-03-29 | N/A | 9.8 CRITICAL |
| TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||