Filtered by vendor Totolink
Total: 1107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34210 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 7.3 HIGH |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. | |||||
| CVE-2024-34209 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. | |||||
| CVE-2024-34207 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. | |||||
| CVE-2024-34206 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | |||||
| CVE-2024-34205 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 7.3 HIGH |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. | |||||
| CVE-2024-34204 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | |||||
| CVE-2024-34203 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 3.8 LOW |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. | |||||
| CVE-2024-34202 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. | |||||
| CVE-2024-34201 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 7.3 HIGH |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. | |||||
| CVE-2024-34200 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. | |||||
| CVE-2024-34198 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. | |||||
| CVE-2024-34196 | 1 Totolink | 2 A3002ru-v3, A3002ru-v3 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks. | |||||
| CVE-2024-34195 | 1 Totolink | 2 A3002r, A3002r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks. | |||||
| CVE-2024-33820 | 1 Totolink | 2 A3002r, A3002r Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, the length of the wlan_ssid field triggers the overflow. | |||||
| CVE-2024-33433 | 1 Totolink | 2 X2000r, X2000r Firmware | 2026-06-17 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. | |||||
| CVE-2024-32355 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-06-17 | N/A | 8.0 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function. | |||||
| CVE-2024-32354 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-06-17 | N/A | 6.0 MEDIUM |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | |||||
| CVE-2024-32353 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | |||||
| CVE-2024-32352 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary. | |||||
| CVE-2024-32351 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary. | |||||
