Filtered by vendor Totolink
Subscribe
Total
904 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29802 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | |||||
| CVE-2023-29801 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | |||||
| CVE-2023-29800 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | |||||
| CVE-2023-29798 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | |||||
| CVE-2023-30054 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-29 | N/A | 9.8 CRITICAL |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | |||||
| CVE-2023-30053 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-29 | N/A | 9.8 CRITICAL |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | |||||
| CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-29 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | |||||
| CVE-2023-31856 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2025-01-23 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet. | |||||
| CVE-2023-31729 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-01-22 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. | |||||
| CVE-2023-33485 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-10 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | |||||
| CVE-2023-33487 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-09 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. | |||||
| CVE-2023-33486 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-09 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. | |||||
| CVE-2023-31569 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-08 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. | |||||
| CVE-2023-33556 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-07 | N/A | 9.8 CRITICAL |
| TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. | |||||
| CVE-2024-10966 | 1 Totolink | 2 X18, X18 Firmware | 2024-12-16 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-2353 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-12-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8079 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8078 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8077 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8076 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||