Filtered by vendor Totolink
Subscribe
Total
545 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8580 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-10 | 7.6 HIGH | 8.1 HIGH |
| A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8579 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-10 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8573 | 1 Totolink | 4 T10, T10 Firmware, T8 and 1 more | 2024-09-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-51034 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-09-09 | N/A | 9.8 CRITICAL |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | |||||
| CVE-2024-8576 | 1 Totolink | 4 T10, T10 Firmware, T8 and 1 more | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8577 | 1 Totolink | 4 T10, T10 Firmware, T8 and 1 more | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8575 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8574 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-09 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8578 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-46993 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
| In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | |||||
| CVE-2023-46979 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. | |||||
| CVE-2023-46978 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-06 | N/A | 7.5 HIGH |
| TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. | |||||
| CVE-2023-46977 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
| TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth. | |||||
| CVE-2023-46976 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. | |||||
| CVE-2023-46485 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
| An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. | |||||
| CVE-2023-46484 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
| An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. | |||||
| CVE-2024-42967 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
| Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | |||||
| CVE-2022-46025 | 1 Totolink | 2 N200re V5, N200re V5 Firmware | 2024-09-03 | N/A | 9.1 CRITICAL |
| Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. | |||||
| CVE-2024-23057 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-30 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. | |||||
| CVE-2023-52042 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-08-30 | N/A | 9.8 CRITICAL |
| An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. | |||||