CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-33485
https://notcve.org/view.php?id=CVE-2023-33485
31 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/5 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-33486
https://notcve.org/view.php?id=CVE-2023-33486
31 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-33487
https://notcve.org/view.php?id=CVE-2023-33487
31 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 96%CPEs: 3EXPL: 1CVE-2023-30013 – TOTOLINK Wireless Routers Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-30013
05 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. • http://packetstormsecurity.com/files/174799/TOTOLINK-Wireless-Routers-Remote-Command-Execution.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •