CVSS: 7.9EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43663
https://notcve.org/view.php?id=CVE-2021-43663
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. Se ha detectado que totolink EX300_v2 versión V4.0.3c.140_B20210429, contiene una vulnerabilidad de inyección de comandos por medio del componente cloudupdate_check • https://github.com/chibataiki/iot-vuls/blob/main/totolink/command-injection1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-43662
https://notcve.org/view.php?id=CVE-2021-43662
totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. totolink EX300_v2, versión V4.0.3c.140_B20210429 y A720R ,versión V4.1.5cu.470_B20200911, presentan un problema que causa un consumo no controlado de recursos • https://github.com/chibataiki/iot-vuls/blob/main/totolink/dos.md • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43661
https://notcve.org/view.php?id=CVE-2021-43661
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. Se ha detectado que totolink EX300_v2 versión V4.0.3c.140_B20210429, contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejada por medio del componente /home.asp • https://github.com/chibataiki/iot-vuls/blob/main/totolink/xss-vulnerability.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 1CVE-2021-43664
https://notcve.org/view.php?id=CVE-2021-43664
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. Se ha detectado que totolink EX300_v2 versión V4.0.3c.140_B20210429, contiene una vulnerabilidad de inyección de comandos por medio del componente process forceugpo • https://github.com/chibataiki/iot-vuls/blob/main/totolink/command-injection2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-25008
https://notcve.org/view.php?id=CVE-2022-25008
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. Totolink EX300_v2 versión V4.0.3c.140_B20210429 y EX1200T versión V4.1.2cu.5230_B20210706, no contienen un mecanismo de autenticación • https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md • CWE-306: Missing Authentication for Critical Function •