Filtered by vendor Totolink
Subscribe
Total
952 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35396 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | |||||
| CVE-2024-35397 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2024-35398 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules. | |||||
| CVE-2024-35399 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth | |||||
| CVE-2024-35400 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 5.3 MEDIUM |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules | |||||
| CVE-2024-35401 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 5.9 MEDIUM |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | |||||
| CVE-2024-37640 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. | |||||
| CVE-2024-37639 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. | |||||
| CVE-2024-37637 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. | |||||
| CVE-2024-37634 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. | |||||
| CVE-2024-37633 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg | |||||
| CVE-2024-37631 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. | |||||
| CVE-2024-32327 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | N/A | 5.5 MEDIUM |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. | |||||
| CVE-2024-32332 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | N/A | 6.1 MEDIUM |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. | |||||
| CVE-2024-32333 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | N/A | 4.3 MEDIUM |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | |||||
| CVE-2024-32334 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | N/A | 6.5 MEDIUM |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | |||||
| CVE-2024-32335 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | N/A | 5.4 MEDIUM |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. | |||||
| CVE-2025-25610 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-03 | N/A | 8.0 HIGH |
| TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa. | |||||
| CVE-2025-25609 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-03 | N/A | 8.0 HIGH |
| TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa | |||||
| CVE-2025-1829 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||