Filtered by vendor Totolink
Subscribe
Total
587 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46993 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | |||||
CVE-2023-46992 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-09-06 | N/A | 7.5 HIGH |
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. | |||||
CVE-2023-46979 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. | |||||
CVE-2023-46978 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-06 | N/A | 7.5 HIGH |
TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. | |||||
CVE-2023-46977 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth. | |||||
CVE-2023-46976 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. | |||||
CVE-2023-46485 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. | |||||
CVE-2023-46484 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. | |||||
CVE-2024-42967 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | |||||
CVE-2022-46025 | 1 Totolink | 2 N200re V5, N200re V5 Firmware | 2024-09-03 | N/A | 9.1 CRITICAL |
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. | |||||
CVE-2024-23057 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-30 | N/A | 9.8 CRITICAL |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. | |||||
CVE-2023-52042 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-08-30 | N/A | 9.8 CRITICAL |
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. | |||||
CVE-2024-34195 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-08-30 | N/A | 9.8 CRITICAL |
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks. | |||||
CVE-2024-8078 | 1 Totolink | 2 Ac1200 T8, T8 Firmware | 2024-08-29 | 9.0 HIGH | 9.8 CRITICAL |
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-8079 | 1 Totolink | 2 Ac1200 T8, T8 Firmware | 2024-08-29 | 9.0 HIGH | 9.8 CRITICAL |
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-8077 | 1 Totolink | 2 Ac1200 T8, T8 Firmware | 2024-08-29 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-8076 | 1 Totolink | 2 Ac1200 T8, T8 Firmware | 2024-08-29 | 9.0 HIGH | 9.8 CRITICAL |
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-8075 | 1 Totolink | 2 Ac1200 T8, T8 Firmware | 2024-08-29 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-24326 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-29 | N/A | 9.8 CRITICAL |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. | |||||
CVE-2024-24328 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-28 | N/A | 9.8 CRITICAL |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. |