Filtered by vendor Totolink Subscriptions
Total 643 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-45741 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 7.5 High
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters.
CVE-2021-45740 1 Totolink 2 A720r, A720r Firmware 2024-11-21 9.8 Critical
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter.
CVE-2021-45739 1 Totolink 2 A720r, A720r Firmware 2024-11-21 7.5 High
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter.
CVE-2021-45738 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.
CVE-2021-45737 1 Totolink 2 A720r, A720r Firmware 2024-11-21 7.5 High
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter.
CVE-2021-45736 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 7.5 High
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters.
CVE-2021-45735 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 7.5 High
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.
CVE-2021-45734 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 7.5 High
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter.
CVE-2021-45733 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.
CVE-2021-44620 1 Totolink 2 A3100r, A3100r Firmware 2024-11-21 9.8 Critical
A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.
CVE-2021-44247 1 Totolink 6 A3100r, A3100r Firmware, A720r and 3 more 2024-11-21 9.8 Critical
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.
CVE-2021-44246 1 Totolink 6 A3100r, A3100r Firmware, A720r and 3 more 2024-11-21 7.5 High
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter.
CVE-2021-43711 1 Totolink 2 Ex200, Ex200 Firmware 2024-11-21 9.8 Critical
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.
CVE-2021-43664 1 Totolink 2 Ex300 V2, Ex300 V2 Firmware 2024-11-21 8.1 High
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process&nbsp;forceugpo.
CVE-2021-43663 1 Totolink 2 Ex300 V2, Ex300 V2 Firmware 2024-11-21 7.5 High
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.
CVE-2021-43662 1 Totolink 4 A720r, A720r Firmware, Ex300 V2 and 1 more 2024-11-21 6.5 Medium
totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.
CVE-2021-43661 1 Totolink 2 Ex300 V2, Ex300 V2 Firmware 2024-11-21 6.1 Medium
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
CVE-2021-43636 1 Totolink 2 T10 V2, T10 V2 Firmware 2024-11-21 9.8 Critical
Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process.
CVE-2021-42893 1 Totolink 2 Ex1200t, Ex1200t Firmware 2024-11-21 7.5 High
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.
CVE-2021-42892 1 Totolink 2 Ex1200t, Ex1200t Firmware 2024-11-21 4.3 Medium
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.