Filtered by vendor Totolink Subscriptions
Total 640 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8578 1 Totolink 3 Ac1200 T8 Firmware, T8, T8 Firmware 2024-09-09 8.8 High
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-46993 1 Totolink 2 A3300r, A3300r Firmware 2024-09-06 9.8 Critical
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
CVE-2023-46979 1 Totolink 2 X6000r, X6000r Firmware 2024-09-06 9.8 Critical
TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.
CVE-2023-46978 1 Totolink 2 X6000r, X6000r Firmware 2024-09-06 7.5 High
TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication.
CVE-2023-46977 1 Totolink 2 Lr1200gb, Lr1200gb Firmware 2024-09-06 9.8 Critical
TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
CVE-2023-46976 1 Totolink 2 A3300r, A3300r Firmware 2024-09-06 9.8 Critical
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
CVE-2023-46485 1 Totolink 2 X6000r, X6000r Firmware 2024-09-06 9.8 Critical
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.
CVE-2023-46484 1 Totolink 2 X6000r, X6000r Firmware 2024-09-06 9.8 Critical
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.
CVE-2024-42967 1 Totolink 2 Lr350, Lr350 Firmware 2024-09-06 9.8 Critical
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-0997 1 Totolink 2 N200re, N200re Firmware 2024-09-05 7.2 High
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-46025 1 Totolink 2 N200re V5, N200re V5 Firmware 2024-09-03 9.1 Critical
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page.
CVE-2024-23057 1 Totolink 2 A3300r, A3300r Firmware 2024-08-30 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
CVE-2023-52042 1 Totolink 2 X6000r, X6000r Firmware 2024-08-30 9.8 Critical
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.
CVE-2024-34195 1 Totolink 2 A3002r, A3002r Firmware 2024-08-30 8.8 High
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
CVE-2024-8078 1 Totolink 2 Ac1200 T8, T8 Firmware 2024-08-29 8.8 High
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8079 1 Totolink 3 Ac1200 T8, Ac1200 T8 Firmware, T8 Firmware 2024-08-29 8.8 High
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8077 1 Totolink 2 Ac1200 T8, T8 Firmware 2024-08-29 6.3 Medium
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8076 1 Totolink 2 Ac1200 T8, T8 Firmware 2024-08-29 8.8 High
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8075 1 Totolink 2 Ac1200 T8, T8 Firmware 2024-08-29 6.3 Medium
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-34198 1 Totolink 1 A3002ru Firmware 2024-08-29 9.8 Critical
TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks.