Filtered by vendor Totolink
Subscribe
Total
514 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29644 | 1 Totolink | 2 A3100r, A3100r Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. | |||||
CVE-2021-43663 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2023-12-10 | 7.9 HIGH | 7.5 HIGH |
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. | |||||
CVE-2022-29391 | 1 Totolink | 2 N600r, N600r Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. | |||||
CVE-2021-46008 | 1 Totolink | 2 A3100r, A3100r Firmware | 2023-12-10 | 7.9 HIGH | 8.8 HIGH |
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on. | |||||
CVE-2021-42888 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | |||||
CVE-2022-28582 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-25134 | 1 Totolink | 2 T6, T6 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
CVE-2022-26187 | 1 Totolink | 2 N600r, N600r Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. | |||||
CVE-2021-43711 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution. | |||||
CVE-2021-45741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters. | |||||
CVE-2021-45739 | 1 Totolink | 2 A720r, A720r Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. | |||||
CVE-2021-44247 | 1 Totolink | 6 A3100r, A3100r Firmware, A720r and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter. | |||||
CVE-2021-45735 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software. | |||||
CVE-2021-45736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters. | |||||
CVE-2021-45734 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. | |||||
CVE-2021-45733 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time. | |||||
CVE-2021-45737 | 1 Totolink | 2 A720r, A720r Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter. | |||||
CVE-2021-45740 | 1 Totolink | 2 A720r, A720r Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. | |||||
CVE-2021-45742 | 1 Totolink | 2 A720r, A720r Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2021-44246 | 1 Totolink | 6 A3100r, A3100r Firmware, A720r and 3 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter. |