Total
4704 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21191 | 1 Global-modules-path Project | 1 Global-modules-path | 2025-04-04 | N/A | 7.4 HIGH |
| Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. | |||||
| CVE-2024-34921 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | N/A | 8.8 HIGH |
| TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function. | |||||
| CVE-2024-42740 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | N/A | 6.8 MEDIUM |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-42736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | N/A | 7.8 HIGH |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-32351 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary. | |||||
| CVE-2022-48126 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. | |||||
| CVE-2023-0164 | 1 Orangescrum | 1 Orangescrum | 2025-04-03 | N/A | 8.8 HIGH |
| OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function. | |||||
| CVE-2022-46476 | 1 Dlink | 2 Dir-859 A1, Dir-859 A1 Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. | |||||
| CVE-2022-48125 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. | |||||
| CVE-2022-48124 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. | |||||
| CVE-2022-48123 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. | |||||
| CVE-2022-48122 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. | |||||
| CVE-2022-48121 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. | |||||
| CVE-2024-41314 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 6.8 MEDIUM |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | |||||
| CVE-2024-41315 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 6.8 MEDIUM |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | |||||
| CVE-2024-41317 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 8.0 HIGH |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | |||||
| CVE-2024-37626 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. | |||||
| CVE-2025-1829 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2094 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2095 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||