Filtered by vendor Totolink
Subscriptions
Total
643 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32333 | 1 Totolink | 1 N300rt | 2024-08-02 | 4.3 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | ||||
| CVE-2024-32325 | 1 Totolink | 1 Ex200 | 2024-08-02 | 2.4 Low |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. | ||||
| CVE-2024-32353 | 1 Totolink | 1 X5000r | 2024-08-02 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | ||||
| CVE-2024-32332 | 1 Totolink | 1 N300rt Firmware | 2024-08-02 | 6.1 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. | ||||
| CVE-2024-32334 | 1 Totolink | 1 N300rt | 2024-08-02 | 6.5 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | ||||
| CVE-2024-24331 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. | ||||
| CVE-2024-24330 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. | ||||
| CVE-2024-24332 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. | ||||
| CVE-2024-24325 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. | ||||
| CVE-2024-24327 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. | ||||
| CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | ||||
| CVE-2024-23059 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. | ||||
| CVE-2024-23061 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. | ||||
| CVE-2024-22660 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg | ||||
| CVE-2024-23060 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. | ||||
| CVE-2024-22942 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. | ||||
| CVE-2024-22662 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules | ||||
| CVE-2024-22663 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-08-01 | 9.8 Critical |
| TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg | ||||
| CVE-2024-1002 | 1 Totolink | 2 N200re, N200re Firmware | 2024-08-01 | 7.2 High |
| A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this vulnerability is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ePort leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1001 | 1 Totolink | 2 N200re, N200re Firmware | 2024-08-01 | 7.2 High |
| A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||