CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-7223 – Totolink T6 cstecgi.cgi access control
https://notcve.org/view.php?id=CVE-2023-7223
09 Jan 2024 — A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1puSOo5XrzMrctw7EtrE7DnfssOOuhRTS/view?usp=sharing • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-7221 – Totolink T6 HTTP POST Request main buffer overflow
https://notcve.org/view.php?id=CVE-2023-7221
09 Jan 2024 — A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/T6/1/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2022-38823
https://notcve.org/view.php?id=CVE-2022-38823
16 Sep 2022 — In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. En TOTOLINK T6 V4.1.5cu.709_B20210518, se presenta una contraseña codificada para root en /etc/shadow.sample • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/hard_code.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2022-38826
https://notcve.org/view.php?id=CVE-2022-38826
16 Sep 2022 — In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. En TOTOLINK T6 V4.1.5cu.709_B20210518, se presenta un comando de ejecución arbitraria en cstecgi.cgi • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/setStaticDhcpRules_1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38827
https://notcve.org/view.php?id=CVE-2022-38827
16 Sep 2022 — TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi TOTOLINK T6 V4.1.5cu.709_B20210518 es vulnerable al desbordamiento del búfer a través de cstecgi.cgi • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/setWiFiWpsStart_2.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2022-38828
https://notcve.org/view.php?id=CVE-2022-38828
16 Sep 2022 — TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi TOTOLINK T6 V4.1.5cu.709_B20210518 es vulnerable a la inyección de comandos a través de cstecgi.cgi • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/setWiFiWpsStart_1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32044
https://notcve.org/view.php?id=CVE-2022-32044
01 Jul 2022 — TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. Se ha detectado que TOTOLINK T6 versión V4.1.9cu.5179_B20201015, contiene un desbordamiento de pila por medio del parámetro password en la función FUN_00413f80 • https://github.com/d1tto/IoT-vuln/tree/main/Totolink/T6-v2/5.setWiFiRepeaterCfg • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32045
https://notcve.org/view.php?id=CVE-2022-32045
01 Jul 2022 — TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. Se ha detectado que TOTOLINK T6 versión V4.1.9cu.5179_B20201015, contiene un desbordamiento de pila por medio del parámetro desc en la función FUN_00413be4 • https://github.com/d1tto/IoT-vuln/tree/main/Totolink/T6-v2/4.setWiFiScheduleCfg • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32046
https://notcve.org/view.php?id=CVE-2022-32046
01 Jul 2022 — TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. Se ha detectado que TOTOLINK T6 versión V4.1.9cu.5179_B20201015, contiene un desbordamiento de pila por medio del parámetro desc en la función FUN_0041880c • https://github.com/d1tto/IoT-vuln/tree/main/Totolink/T6-v2/8.setMacFilterRules • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32047
https://notcve.org/view.php?id=CVE-2022-32047
01 Jul 2022 — TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. Se ha detectado que TOTOLINK T6 versión V4.1.9cu.5179_B20201015, contiene un desbordamiento de pila por medio del parámetro desc en la función FUN_00412ef4 • https://github.com/d1tto/IoT-vuln/tree/main/Totolink/T6-v2/1.setIpPortFilterRules • CWE-787: Out-of-bounds Write •