Filtered by vendor Totolink Subscriptions
Total 640 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-46413 1 Totolink 2 X6000r, X6000r Firmware 2024-09-11 9.8 Critical
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.
CVE-2023-46551 1 Totolink 2 X2000r, X2000r Firmware 2024-09-11 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl.
CVE-2023-46564 1 Totolink 2 X2000r, X2000r Firmware 2024-09-11 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.
CVE-2023-46545 1 Totolink 2 X2000r, X2000r Firmware 2024-09-11 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc.
CVE-2023-46546 1 Totolink 2 X2000r, X2000r Firmware 2024-09-11 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats.
CVE-2023-46547 1 Totolink 2 X2000r, X2000r Firmware 2024-09-11 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog.
CVE-2023-46548 1 Totolink 2 X2000r, X2000r Firmware 2024-09-11 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect.
CVE-2023-46549 1 Totolink 2 X2000r, X2000r Firmware 2024-09-11 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg.
CVE-2023-46550 1 Totolink 2 X2000r, X2000r Firmware 2024-09-11 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.
CVE-2024-0575 1 Totolink 2 Lr1200gb, Lr1200gb Firmware 2024-09-10 8.8 High
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8580 1 Totolink 3 Ac1200 T8 Firmware, T8, T8 Firmware 2024-09-10 8.1 High
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8579 1 Totolink 3 Ac1200 T8 Firmware, T8, T8 Firmware 2024-09-10 8.8 High
A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8577 1 Totolink 6 Ac1200 T10 Firmware, Ac1200 T8 Firmware, T10 and 3 more 2024-09-10 8.8 High
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8576 1 Totolink 6 Ac1200 T10 Firmware, Ac1200 T8 Firmware, T10 and 3 more 2024-09-10 8.8 High
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8574 1 Totolink 3 Ac1200 T8 Firmware, T8, T8 Firmware 2024-09-10 6.3 Medium
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8573 1 Totolink 6 Ac1200 T10 Firmware, Ac1200 T8 Firmware, T10 and 3 more 2024-09-10 8.8 High
A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-51034 1 Totolink 2 Ex1200l, Ex1200l Firmware 2024-09-09 9.8 Critical
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.
CVE-2024-8575 1 Totolink 3 Ac1200 T8 Firmware, T8, T8 Firmware 2024-09-09 8.8 High
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8578 1 Totolink 3 Ac1200 T8 Firmware, T8, T8 Firmware 2024-09-09 8.8 High
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-46993 1 Totolink 2 A3300r, A3300r Firmware 2024-09-06 9.8 Critical
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.