36 results

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

25 Dec 2023 — A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. • https://github.com/unpWn4bL3/iot-security/blob/main/2.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

18 Dec 2023 — A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. • https://github.com/unpWn4bL3/iot-security/blob/main/1.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 10.0 • EPSS: 22% • CPEs: 2 • EXPL: 1

07 Jun 2023 — TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. • https://github.com/Am1ngl/ttt/tree/main/37 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 1

05 May 2023 — TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. • https://github.com/Am1ngl/ttt/tree/main/160 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 1

05 May 2023 — TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. • https://github.com/Am1ngl/ttt/tree/main/161 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 21% • CPEs: 2 • EXPL: 1

07 Apr 2023 — TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. • https://github.com/Am1ngl/ttt/tree/main/23 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 21% • CPEs: 2 • EXPL: 1

07 Apr 2023 — TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. • https://github.com/Am1ngl/ttt/tree/main/28 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 31% • CPEs: 2 • EXPL: 1

28 Mar 2023 — TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. • https://github.com/Am1ngl/ttt/tree/main/30 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 31% • CPEs: 2 • EXPL: 1

28 Mar 2023 — TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. • https://github.com/Am1ngl/ttt/tree/main/31 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 31% • CPEs: 2 • EXPL: 1

28 Mar 2023 — TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. • https://github.com/Am1ngl/ttt/tree/main/32 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')