Filtered by vendor Totolink
Subscriptions
Filtered by product X5000r
Subscriptions
Total
36 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45734 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-04 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. | ||||
| CVE-2021-45738 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-04 | 9.8 Critical |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName. | ||||
| CVE-2021-45733 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-04 | 9.8 Critical |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time. | ||||
| CVE-2021-27710 | 1 Totolink | 4 A720r, A720r Firmware, X5000r and 1 more | 2024-08-03 | 9.8 Critical |
| Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS. | ||||
| CVE-2021-27708 | 1 Totolink | 4 A720r, A720r Firmware, X5000r and 1 more | 2024-08-03 | 9.8 Critical |
| Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS. | ||||
| CVE-2022-26213 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-03 | 9.8 Critical |
| Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2023-39617 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-02 | 9.8 Critical |
| TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | ||||
| CVE-2023-39618 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-02 | 9.8 Critical |
| TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. | ||||
| CVE-2023-33486 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-02 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. | ||||
| CVE-2023-33487 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-02 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. | ||||
| CVE-2023-33485 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-02 | 8.8 High |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | ||||
| CVE-2023-31569 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-02 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. | ||||
| CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-02 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | ||||
| CVE-2023-6612 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-02 | 5.5 Medium |
| A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-32352 | 1 Totolink | 1 X5000r | 2024-08-02 | 8.8 High |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary. | ||||
| CVE-2024-32353 | 1 Totolink | 1 X5000r | 2024-08-02 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | ||||