Filtered by vendor Totolink
Total 635 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-39617 1 Totolink 2 X5000r, X5000r Firmware 2024-10-07 9.8 Critical
TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
CVE-2023-39618 1 Totolink 2 X5000r, X5000r Firmware 2024-10-07 9.8 Critical
TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.
CVE-2024-23058 1 Totolink 2 A3300r, A3300r Firmware 2024-10-01 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
CVE-2023-43141 1 Totolink 4 A3700r, A3700r Firmware, N600r and 1 more 2024-09-25 9.8 Critical
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
CVE-2024-9001 1 Totolink 2 T10, T10 Firmware 2024-09-24 6.3 Medium
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8869 1 Totolink 2 A720r, A720r Firmware 2024-09-20 5 Medium
A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-46451 1 Totolink 3 Ac1200 T8 Firmware, T8, T8 Firmware 2024-09-17 9.8 Critical
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
CVE-2024-46424 1 Totolink 3 Ac1200 T8 Firmware, T8, T8 Firmware 2024-09-17 7.5 High
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter.
CVE-2024-46419 1 Totolink 3 Ac1200 T8 Firmware, T8, T8 Firmware 2024-09-17 9.8 Critical
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
CVE-2023-36340 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-09-16 9.8 Critical
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2023-36952 1 Totolink 2 Cp300+, Cp300+ Firmware 2024-09-16 9.8 Critical
TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg.
CVE-2023-36953 1 Totolink 2 Cp300+, Cp300+ Firmware 2024-09-16 9.8 Critical
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.
CVE-2023-36954 1 Totolink 2 Cp300+, Cp300+ Firmware 2024-09-16 9.8 Critical
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.
CVE-2023-36955 1 Totolink 2 Cp300+, Cp300+ Firmware 2024-09-16 9.8 Critical
TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
CVE-2023-46424 1 Totolink 2 X6000r, X6000r Firmware 2024-09-12 9.8 Critical
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.
CVE-2023-51025 1 Totolink 2 Ex1800t, Ex1800t Firmware 2024-09-12 9.8 Critical
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi.cgi.
CVE-2023-51014 1 Totolink 2 Ex1800t, Ex1800t Firmware 2024-09-12 9.8 Critical
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of the cstecgi.cgi.
CVE-2023-45984 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-09-12 9.8 Critical
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.
CVE-2023-36950 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-09-12 9.8 Critical
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2023-36947 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-09-12 9.8 Critical
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.