CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32327
https://notcve.org/view.php?id=CVE-2024-32327
18 Apr 2024 — TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el reenvío de puertos en la página de firewall. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/N300RT/XSS_5_Port_Forwarding/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32332
https://notcve.org/view.php?id=CVE-2024-32332
18 Apr 2024 — TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de Cross Site Scripting (XSS) en la configuración de WDS en la página inalámbrica. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/N300RT/XSS_1_WDS_Settings/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32333
https://notcve.org/view.php?id=CVE-2024-32333
18 Apr 2024 — TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el filtrado MAC en la página de firewall. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/N300RT/XSS_3_MAC_Filtering/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32334
https://notcve.org/view.php?id=CVE-2024-32334
18 Apr 2024 — TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el filtrado de IP/puerto en la página de firewall. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/N300RT/XSS_4_IP_Port_Filtering/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32335
https://notcve.org/view.php?id=CVE-2024-32335
18 Apr 2024 — TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el control de acceso en la página inalámbrica. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/N300RT/XSS_2_Access_Control/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31807
https://notcve.org/view.php?id=CVE-2024-31807
08 Apr 2024 — TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. Se descubrió que TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro hostTime en la función NTPSyncWithHost. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_2_NTPSyncWithHost/CI.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31808
https://notcve.org/view.php?id=CVE-2024-31808
08 Apr 2024 — TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. Se descubrió que TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro webWlanIdx en la función setWebWlanIdx. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_3_setWebWlanIdx/CI.md • CWE-233: Improper Handling of Parameters •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31809
https://notcve.org/view.php?id=CVE-2024-31809
08 Apr 2024 — TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. Se descubrió que TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro FileName en la función setUpgradeFW. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_4_setUpgradeFW/CI.md • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31811
https://notcve.org/view.php?id=CVE-2024-31811
08 Apr 2024 — TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. Se descubrió que TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro langType en la función setLanguageCfg. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_1_setLanguageCfg/CI.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31814
https://notcve.org/view.php?id=CVE-2024-31814
08 Apr 2024 — TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. TOTOLINK EX200 V4.0.3c.7646_B20201211 permite a los atacantes omitir el inicio de sesión a través de la función Form_Login. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Login_Bypass/bypass.md • CWE-288: Authentication Bypass Using an Alternate Path or Channel •