CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37640
https://notcve.org/view.php?id=CVE-2024-37640
14 Jun 2024 — TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. Se descubrió que TOTOLINK A3700R V9.1.2u.6165_20211012 contenía un desbordamiento de pila a través de ssid5g en la función setWiFiEasyGuestCfg. • https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/TOTOLINK/A3700R/setWiFiEasyGuestCfg • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37631
https://notcve.org/view.php?id=CVE-2024-37631
13 Jun 2024 — TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. Se descubrió que TOTOLINK A3700R V9.1.2u.6165_20211012 contenía un desbordamiento de pila a través del parámetro Archivo en la función UploadCustomModule. • https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/UploadCustomModule/README.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37633
https://notcve.org/view.php?id=CVE-2024-37633
13 Jun 2024 — TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg Se descubrió que TOTOLINK A3700R V9.1.2u.6165_20211012 contiene un desbordamiento de pila a través de ssid en la función setWiFiGuestCfg • https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/setWiFiGuestCfg/README.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37634
https://notcve.org/view.php?id=CVE-2024-37634
13 Jun 2024 — TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. Se descubrió que TOTOLINK A3700R V9.1.2u.6165_20211012 contenía un desbordamiento de pila a través de ssid en la función setWiFiEasyCfg. • https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/setWiFiEasyCfg/README.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 0CVE-2024-37632
https://notcve.org/view.php?id=CVE-2024-37632
13 Jun 2024 — TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth . Se descubrió que TOTOLINK A3700R V9.1.2u.6165_20211012 contenía un desbordamiento de pila a través del parámetro de contraseña en la función loginAuth. • https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/loginAuth/README.md •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 0CVE-2024-37635
https://notcve.org/view.php?id=CVE-2024-37635
13 Jun 2024 — TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg Se descubrió que TOTOLINK A3700R V9.1.2u.6165_20211012 contiene un desbordamiento de pila a través de ssid en la función setWiFiBasicCfg • https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/setWiFiBasicCfg/README.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36650
https://notcve.org/view.php?id=CVE-2024-36650
11 Jun 2024 — TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack. TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, en la función cgi `setNoticeCfg` del archivo `/lib/... • https://gist.github.com/Swind1er/f442fcac520a48c05c744c7b72362483 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34257
https://notcve.org/view.php?id=CVE-2024-34257
08 May 2024 — TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. TOTOLINK EX1800T V9.1.0cu.2112_B20220316 tiene una vulnerabilidad en el parámetro apcliEncrypType que permite la ejecución no autorizada de comandos arbitrarios, permitiendo a un atacante obtener privilegios de administrador del dispositivo. • https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md • CWE-285: Improper Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32325
https://notcve.org/view.php?id=CVE-2024-32325
18 Apr 2024 — TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de Cross Site Scripting (XSS) a través del parámetro ssid en la función setWiFiExtenderConfig. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/XSS_ssid/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32326
https://notcve.org/view.php?id=CVE-2024-32326
18 Apr 2024 — TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de Cross Site Scripting (XSS) a través del parámetro clave en la función setWiFiExtenderConfig. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/XSS_key/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •