Filtered by vendor Totolink
Subscriptions
Total
737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51018 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-17 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. | ||||
| CVE-2023-50651 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-04-17 | 9.8 Critical |
| TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | ||||
| CVE-2024-0296 | 1 Totolink | 2 N200re, N200re Firmware | 2025-04-17 | 7.3 High |
| A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-28138 | 1 Totolink | 2 A800r, A800r Firmware | 2025-04-15 | 9.8 Critical |
| The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | ||||
| CVE-2025-28135 | 1 Totolink | 2 A810r, A810r Firmware | 2025-04-15 | 7.5 High |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi. | ||||
| CVE-2025-28256 | 1 Totolink | 2 A3100r, A3100r Firmware | 2025-04-14 | 9.8 Critical |
| An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so. | ||||
| CVE-2024-54907 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-09 | 8.8 High |
| TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. | ||||
| CVE-2024-31810 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-04-09 | 9.8 Critical |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2024-33433 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-09 | 4.8 Medium |
| Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. | ||||
| CVE-2024-34204 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 9.8 Critical |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | ||||
| CVE-2024-34205 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 7.3 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. | ||||
| CVE-2024-34206 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 6.5 Medium |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | ||||
| CVE-2024-34207 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 8.8 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. | ||||
| CVE-2024-34209 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 9.8 Critical |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. | ||||
| CVE-2024-34210 | 1 Totolink | 3 Cp450, Cp450 Firmware, Outdoor Cpe Cp450 | 2025-04-09 | 7.3 High |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. | ||||
| CVE-2024-34211 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 8.8 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | ||||
| CVE-2024-34212 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 7.3 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. | ||||
| CVE-2024-34213 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 9.8 Critical |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function. | ||||
| CVE-2024-34215 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 7.3 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function. | ||||
| CVE-2024-34217 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 7.7 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. | ||||