CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8869 – TOTOLINK A720R exportOvpn os command injection
https://notcve.org/view.php?id=CVE-2024-8869
A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://vuldb.com/?ctiid.277506 https://vuldb.com/?id.277506 https://vuldb.com/?submit.403211 https://www.totolink.net • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23064
https://notcve.org/view.php?id=CVE-2023-23064
TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. • https://github.com/shellpei/TOTOLINK-Unauthorized/blob/main/CVE-2023-23064 • CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38535
https://notcve.org/view.php?id=CVE-2022-38535
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. Se ha detectado que TOTOLINK-720R versión v4.1.5cu.374, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio de la función setTracerouteCfg • https://github.com/Jfox816/TOTOLINK-720R/blob/177ee39a5a8557a6bd19586731b0e624548b67ee/totolink%20720%20RCode%20Execution2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38534
https://notcve.org/view.php?id=CVE-2022-38534
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function. Se ha detectado que TOTOLINK-720R versión v4.1.5cu.374, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio de la función setdiagnosicfg • https://github.com/Jfox816/TOTOLINK-720R/blob/fb6ba109ba9c5bd1b0d8e22c88ee14bdc4a75e6b/TOTOLINK%20720%20RCode%20Execution.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36610
https://notcve.org/view.php?id=CVE-2022-36610
TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Se ha detectado que TOTOLINK A720R versión V4.1.5cu.532_B20210610, contiene una contraseña embebida para root en el archivo /etc/shadow.sample • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A720R/hard_code.md • CWE-798: Use of Hard-coded Credentials •