Filtered by vendor Totolink
Subscriptions
Total
679 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34213 | 1 Totolink | 1 Cp450 | 2025-02-13 | 9.8 Critical |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function. | ||||
| CVE-2024-34212 | 1 Totolink | 1 Cp450 | 2025-02-13 | 7.3 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. | ||||
| CVE-2024-34211 | 1 Totolink | 1 Cp450 Firmware | 2025-02-13 | 8.8 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | ||||
| CVE-2024-34210 | 1 Totolink | 1 Outdoor Cpe Cp450 | 2025-02-13 | 7.3 High |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. | ||||
| CVE-2024-34209 | 1 Totolink | 1 Cp450 | 2025-02-13 | 9.8 Critical |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. | ||||
| CVE-2024-34207 | 1 Totolink | 1 Cp450 Firmware | 2025-02-13 | 8.8 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. | ||||
| CVE-2024-34206 | 1 Totolink | 1 Cp450 Firmware | 2025-02-13 | 6.5 Medium |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | ||||
| CVE-2024-34205 | 1 Totolink | 1 Cp450 | 2025-02-13 | 7.3 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. | ||||
| CVE-2024-34204 | 1 Totolink | 1 Cp450 Firmware | 2025-02-13 | 9.8 Critical |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | ||||
| CVE-2024-34203 | 1 Totolink | 1 Cp450 Firmware | 2025-02-13 | 3.8 Low |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. | ||||
| CVE-2024-34202 | 1 Totolink | 1 Cp450 | 2025-02-13 | 6.5 Medium |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. | ||||
| CVE-2024-34201 | 1 Totolink | 1 Cp450 | 2025-02-13 | 7.3 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. | ||||
| CVE-2024-34200 | 1 Totolink | 1 Cp450 | 2025-02-13 | 8.8 High |
| TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. | ||||
| CVE-2024-34196 | 1 Totolink | 1 A3002ru-v3 Firmware | 2025-02-13 | 8.8 High |
| Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks. | ||||
| CVE-2024-33433 | 1 Totolink | 1 X2000r Firmware | 2025-02-13 | 4.8 Medium |
| Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. | ||||
| CVE-2024-32355 | 1 Totolink | 1 X5000r Firmware | 2025-02-13 | 8 High |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function. | ||||
| CVE-2024-32354 | 1 Totolink | 1 X5000r Firmware | 2025-02-13 | 6 Medium |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | ||||
| CVE-2024-32353 | 1 Totolink | 1 X5000r | 2025-02-13 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | ||||
| CVE-2024-32352 | 1 Totolink | 1 X5000r | 2025-02-13 | 8.8 High |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary. | ||||
| CVE-2024-32351 | 1 Totolink | 1 X5000r Firmware | 2025-02-13 | 8.8 High |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary. | ||||