Filtered by vendor Totolink
Subscribe
Search
Total
266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7219 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7220 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7223 | 1 Totolink | 2 T6, T6 Firmware | 2024-01-12 | N/A | 6.5 MEDIUM |
| A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7222 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7221 | 1 Totolink | 2 T6, T6 Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7218 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-01-11 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0292 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0293 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0296 | 1 Totolink | 2 N200re, N200re Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0297 | 1 Totolink | 2 N200re, N200re Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0294 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0295 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0298 | 1 Totolink | 2 N200re, N200re Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0299 | 1 Totolink | 2 N200re, N200re Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7208 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7213 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-01-11 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7214 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-01-11 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0291 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2024-01-11 | N/A | 8.8 HIGH |
| A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4746 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2024-01-09 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635. | |||||
| CVE-2023-7187 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-01-05 | N/A | 8.8 HIGH |
| A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-51133 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-01-05 | N/A | 9.8 CRITICAL |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. | |||||
| CVE-2023-51135 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-01-05 | N/A | 9.8 CRITICAL |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. | |||||
| CVE-2023-51136 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-01-05 | N/A | 9.8 CRITICAL |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. | |||||
| CVE-2023-50651 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-01-05 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | |||||
| CVE-2023-7095 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-01-03 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-51034 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-01-03 | N/A | 9.8 CRITICAL |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | |||||
| CVE-2023-51035 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-01-03 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. | |||||
| CVE-2023-51033 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | |||||
| CVE-2023-51028 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | |||||
| CVE-2023-50147 | 1 Totolink | 2 A3700r, A3700r Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. | |||||
| CVE-2023-51023 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi. | |||||
| CVE-2023-51024 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51015 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi | |||||
| CVE-2023-51012 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51013 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter’ of the setLanConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51026 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51025 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51011 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter’ of the setLanConfig interface of the cstecgi .cgi | |||||
| CVE-2023-51027 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51014 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi | |||||
| CVE-2023-51017 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51018 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51020 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51019 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51022 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51021 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51016 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-6906 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-49418 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. | |||||
| CVE-2023-49417 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. | |||||