Filtered by vendor Totolink
Subscriptions
Total
642 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51133 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-20 | 9.8 Critical |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. | ||||
| CVE-2024-31813 | 1 Totolink | 1 Ex200 Firmware | 2024-11-19 | 8.4 High |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. | ||||
| CVE-2024-51141 | 1 Totolink | 1 Wifi Usb Driver | 2024-11-18 | 7.8 High |
| An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components. | ||||
| CVE-2023-7214 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-14 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7222 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-14 | 7.2 High |
| A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-52027 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-14 | 9.8 Critical |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. | ||||
| CVE-2023-37148 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-14 | 9.8 Critical |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. | ||||
| CVE-2023-37149 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-13 | 9.8 Critical |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. | ||||
| CVE-2023-37145 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-13 | 9.8 Critical |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | ||||
| CVE-2024-24333 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-12 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. | ||||
| CVE-2023-37146 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-12 | 9.8 Critical |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | ||||
| CVE-2023-37170 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-12 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | ||||
| CVE-2023-37171 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-12 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | ||||
| CVE-2023-37172 | 1 Totolink | 3 A3000ru, A3300r, A3300r Firmware | 2024-11-12 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | ||||
| CVE-2023-37173 | 1 Totolink | 3 A3000ru, A3300r, A3300r Firmware | 2024-11-12 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | ||||
| CVE-2024-10966 | 1 Totolink | 1 X18 | 2024-11-08 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10654 | 1 Totolink | 1 Lr350 | 2024-11-05 | 5.3 Medium |
| A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2023-34669 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2024-10-31 | 7.5 High |
| TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | ||||
| CVE-2023-45985 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2024-10-30 | 7.5 High |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-34200 | 1 Totolink | 1 Cp450 | 2024-10-29 | 8.8 High |
| TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. | ||||