CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

• https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/1/README.md
• https://vuldb.com/?ctiid.250787
• https://vuldb.com/?id.250787
• CWE-121: Stack-based Buffer Overflow

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component.

• https://vuldb.com/?ctiid.250786
• https://vuldb.com/?id.250786
• https://vuldb.com/?submit.263655
• https://www.chtsecurity.com/news/16e4f985-8248-4353-a26e-b77ca487ce31
• https://www.chtsecurity.com/news/f6d7ae2c-fb1e-4c31-a9ce-bfc5ee038eb1
• CWE-284: Improper Access Control
• CWE-862: Missing Authorization

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

• https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing
• https://vuldb.com/?ctiid.250785
• https://vuldb.com/?id.250785
• https://vuldb.com/?submit.263653
• https://www.chtsecurity.com/news/8aa31e69-1e7c-4186-8554-7d5d6baeaa84
• https://www.chtsecurity.com/news/8f270890-12cc-4623-99a3-a81e00758c29
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-862: Missing Authorization

CVSS: 9.8 • EPSS: 12% • CPEs: 2 • EXPL: 1

An issue discovered in the sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.

• https://kee02p.github.io/2024/01/13/CVE-2023-52042
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.8 • EPSS: 8% • CPEs: 2 • EXPL: 1

An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.

• https://kee02p.github.io/2024/01/13/CVE-2023-52041