CVE-2024-0579 – Totolink X2000R formMapDelDevice command injection
https://notcve.org/view.php?id=CVE-2024-0579
A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/1/README.md https://vuldb.com/?ctiid.250795 https://vuldb.com/?id.250795 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-7222 – Totolink X2000R HTTP POST Request boa formTmultiAP buffer overflow
https://notcve.org/view.php?id=CVE-2023-7222
A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/formTmultiAP/README.md https://vuldb.com/?ctiid.249856 https://vuldb.com/?id.249856 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2023-51136
https://notcve.org/view.php?id=CVE-2023-51136
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formRebootSchedule. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/28/1.md https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 • CWE-787: Out-of-bounds Write •
CVE-2023-51133
https://notcve.org/view.php?id=CVE-2023-51133
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formRoute. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/26/1.md https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 • CWE-787: Out-of-bounds Write •
CVE-2023-51135
https://notcve.org/view.php?id=CVE-2023-51135
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formPasswordSetup. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/29/1.md https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 • CWE-787: Out-of-bounds Write •