Filtered by vendor Totolink
Subscriptions
Total
984 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4412 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4411 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-49418 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. | ||||
| CVE-2023-48860 | 1 Totolink | 2 N300rt, N300rt Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code. | ||||
| CVE-2023-48859 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. | ||||
| CVE-2023-48811 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48810 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48808 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48807 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48806 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48805 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48804 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48803 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | ||||
| CVE-2023-48800 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | ||||
| CVE-2023-48799 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. | ||||
| CVE-2023-48192 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 7.8 High |
| An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. | ||||
| CVE-2023-46993 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | ||||
| CVE-2023-46992 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. | ||||
| CVE-2023-46979 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. | ||||
| CVE-2023-46978 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. | ||||