Filtered by vendor Totolink
Subscribe
Total
310 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33487 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-06-06 | N/A | 9.8 CRITICAL |
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. | |||||
CVE-2023-33486 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-06-06 | N/A | 9.8 CRITICAL |
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. | |||||
CVE-2023-33485 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-06-06 | N/A | 8.8 HIGH |
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | |||||
CVE-2023-2790 | 1 Totolink | 2 N200re, N200re Firmware | 2023-05-27 | N/A | 5.5 MEDIUM |
A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-31856 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2023-05-25 | N/A | 9.8 CRITICAL |
A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet. | |||||
CVE-2023-31729 | 1 Totolink | 2 A3300r, A3300r Firmware | 2023-05-25 | N/A | 9.8 CRITICAL |
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection. | |||||
CVE-2023-30054 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-05-11 | N/A | 9.8 CRITICAL |
TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | |||||
CVE-2023-30053 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-05-11 | N/A | 9.8 CRITICAL |
TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | |||||
CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-05-11 | N/A | 9.8 CRITICAL |
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | |||||
CVE-2023-29802 | 1 Totolink | 2 X18, X18 Firmware | 2023-04-25 | N/A | 9.8 CRITICAL |
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | |||||
CVE-2023-29803 | 1 Totolink | 2 X18, X18 Firmware | 2023-04-25 | N/A | 9.8 CRITICAL |
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | |||||
CVE-2023-29798 | 1 Totolink | 2 X18, X18 Firmware | 2023-04-21 | N/A | 9.8 CRITICAL |
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | |||||
CVE-2023-29800 | 1 Totolink | 2 X18, X18 Firmware | 2023-04-21 | N/A | 9.8 CRITICAL |
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | |||||
CVE-2023-29799 | 1 Totolink | 2 X18, X18 Firmware | 2023-04-21 | N/A | 9.8 CRITICAL |
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | |||||
CVE-2023-29801 | 1 Totolink | 2 X18, X18 Firmware | 2023-04-21 | N/A | 9.8 CRITICAL |
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | |||||
CVE-2023-26978 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-04-13 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. | |||||
CVE-2023-26848 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-04-13 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. | |||||
CVE-2023-27229 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-04-04 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. | |||||
CVE-2023-27231 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-04-04 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. | |||||
CVE-2023-27232 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-04-04 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. |