CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7213 – TOTOLINK A7000R cstecgi.cgi setWizardCfg buffer overflow
https://notcve.org/view.php?id=CVE-2024-7213
30 Jul 2024 — A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504. Affected is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A7000R/setWizardCfg.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7212 – TOTOLINK A7000R cstecgi.cgi loginauth buffer overflow
https://notcve.org/view.php?id=CVE-2024-7212
30 Jul 2024 — A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A7000R/loginauth_password.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 0CVE-2024-28639
https://notcve.org/view.php?id=CVE-2024-28639
16 Mar 2024 — Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. Vulnerabilidad de desbordamiento de búfer en TOTOLink X5000R V9.1.0u.6118-B20201102 y A7000R V9.1.0u.6115-B20201022, permite a atacantes remotos ejecutar código arbitrario y provocar una denegación de servicio (DoS) a través del campo IP. • https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_1.md •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28640
https://notcve.org/view.php?id=CVE-2024-28640
16 Mar 2024 — Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. Vulnerabilidad de desbordamiento de búfer en TOTOLink X5000R V9.1.0u.6118-B20201102 y A7000R V9.1.0u.6115-B20201022 permite a un atacante remoto provocar una denegación de servicio (D0S) a través del campo de comando. • https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_2.md • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49417
https://notcve.org/view.php?id=CVE-2023-49417
11 Dec 2023 — TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. TOTOLink A7000R V9.1.0u.6115_B20201022 tiene una vulnerabilidad de desbordamiento de pila a través de setOpModeCfg. • https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setOpModeCfg • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49418
https://notcve.org/view.php?id=CVE-2023-49418
11 Dec 2023 — TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. TOTOLink A7000R V9.1.0u.6115_B20201022 tiene una vulnerabilidad de desbordamiento de pila a través de setIpPortFilterRules. • https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setIpPortFilterRules • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-45984
https://notcve.org/view.php?id=CVE-2023-45984
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila a través del parámetro lang en la función setLanguageCfg. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setLanguageCfg.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-45985
https://notcve.org/view.php?id=CVE-2023-45985
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila en la función setParentalRules. Esta vulnerabilidad permite a los atacantes provocar una Denegación de Servicio (DoS) me... • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setParentalRules.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-36947
https://notcve.org/view.php?id=CVE-2023-36947
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila a través del parámetro File en la función UploadCustomModule. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/UploadCustomModule.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-36950
https://notcve.org/view.php?id=CVE-2023-36950
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila a través del parámetro http_host en la función loginAuth. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/loginauth.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •