CVE-2023-7220 – Totolink NR1800X cstecgi.cgi loginAuth stack-based overflow
https://notcve.org/view.php?id=CVE-2023-7220
09 Jan 2024 — A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/NR1800X/1/README.md • CWE-121: Stack-based Buffer Overflow •
CVE-2023-36340
https://notcve.org/view.php?id=CVE-2023-36340
16 Oct 2023 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/TOTOLINK-NR1800X.md • CWE-787: Out-of-bounds Write •
CVE-2022-41517
https://notcve.org/view.php?id=CVE-2022-41517
06 Oct 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function. • https://brief-nymphea-813.notion.site/TOTOLink-NR1800X-f97f2b9552c04eaf85fce31bccbfcf04 • CWE-787: Out-of-bounds Write •
CVE-2022-41518
https://notcve.org/view.php?id=CVE-2022-41518
06 Oct 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. • https://brief-nymphea-813.notion.site/NR1800X-command-injection-UploadFirmwareFile-a98e96086d824b7d8b788a8639322457 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-41520
https://notcve.org/view.php?id=CVE-2022-41520
06 Oct 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. • https://brief-nymphea-813.notion.site/NR1800X-bof-UploadCustomModule-2bcabf2017084213b9a238fab938d782 • CWE-787: Out-of-bounds Write •
CVE-2022-41521
https://notcve.org/view.php?id=CVE-2022-41521
06 Oct 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. • https://brief-nymphea-813.notion.site/NR1800X-bof-setIpPortFilterRules-fd99f83f37ad40fab7d7b376942633d2 • CWE-787: Out-of-bounds Write •
CVE-2022-41522
https://notcve.org/view.php?id=CVE-2022-41522
06 Oct 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function. • https://brief-nymphea-813.notion.site/NR1800X-bof-main-pre-authentication-29ccdaa7af054674828f7b3cf38aae82 • CWE-787: Out-of-bounds Write •
CVE-2022-41523
https://notcve.org/view.php?id=CVE-2022-41523
06 Oct 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. • https://brief-nymphea-813.notion.site/NR1800X-bof-setTracerouteCfg-0e29fc2fcba74a28a3e3822d71ddb2ef • CWE-787: Out-of-bounds Write •
CVE-2022-41524
https://notcve.org/view.php?id=CVE-2022-41524
06 Oct 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. • https://brief-nymphea-813.notion.site/NR1800X-bof-setParentalRules-0da79b5ce7d44212b275a33b77935a42 • CWE-787: Out-of-bounds Write •
CVE-2022-41525
https://notcve.org/view.php?id=CVE-2022-41525
06 Oct 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. • https://brief-nymphea-813.notion.site/NR1800X-command-injection-setOpModeCfg-7b10868ba53544148d9aa3100b5df5cc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •