CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6164 – TOTOLINK A3002R HTTP POST Request formMultiAP buffer overflow
https://notcve.org/view.php?id=CVE-2025-6164
17 Jun 2025 — A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. • https://github.com/awindog/cve/blob/main/688/10.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6163 – TOTOLINK A3002RU HTTP POST Request formMultiAP buffer overflow
https://notcve.org/view.php?id=CVE-2025-6163
17 Jun 2025 — A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Lena-lyy/cve/blob/main/688/9.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6162 – TOTOLINK EX1200T HTTP POST Request formMultiAP buffer overflow
https://notcve.org/view.php?id=CVE-2025-6162
17 Jun 2025 — A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Lena-lyy/cve/blob/main/688/8.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6149 – TOTOLINK A3002R HTTP POST Request formSysLog buffer overflow
https://notcve.org/view.php?id=CVE-2025-6149
17 Jun 2025 — A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Lena-lyy/cve/blob/main/6.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6145 – TOTOLINK EX1200T HTTP POST Request formSysLog buffer overflow
https://notcve.org/view.php?id=CVE-2025-6145
16 Jun 2025 — A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/awindog/cve/blob/main/688/2.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6144 – TOTOLINK EX1200T HTTP POST Request formSysCmd buffer overflow
https://notcve.org/view.php?id=CVE-2025-6144
16 Jun 2025 — A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/awindog/cve/blob/main/688/1.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6143 – TOTOLINK EX1200T HTTP POST Request formNtp buffer overflow
https://notcve.org/view.php?id=CVE-2025-6143
16 Jun 2025 — A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/awindog/cve/blob/main/13.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6139 – TOTOLINK T10 shadow.sample hard-coded password
https://notcve.org/view.php?id=CVE-2025-6139
16 Jun 2025 — A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network. The complexity of an attack is rather high. • https://candle-throne-f75.notion.site/TOTOLINK-T10-shadow-20ddf0aa118580f5a455cd5dbc521472 • CWE-255: Credentials Management Errors CWE-259: Use of Hard-coded Password •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6138 – TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow
https://notcve.org/view.php?id=CVE-2025-6138
16 Jun 2025 — A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://candle-throne-f75.notion.site/TOTOLINK-T10-setWizardCfg-20ddf0aa1185808892f1dbbf63e6a153?pvs=73 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6137 – TOTOLINK T10 HTTP POST Request cstecgi.cgi setWiFiScheduleCfg buffer overflow
https://notcve.org/view.php?id=CVE-2025-6137
16 Jun 2025 — A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://candle-throne-f75.notion.site/TOTOLINK-T10-setWiFiScheduleCfg-20ddf0aa11858053a171f052787c202f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •