CVE-2024-31805
https://notcve.org/view.php?id=CVE-2024-31805
08 Apr 2024 — TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_5_setTelnetCfg/CI.md • CWE-284: Improper Access Control
CVE-2024-31806
https://notcve.org/view.php?id=CVE-2024-31806
08 Apr 2024 — TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/DoS_RebootSystem/DoS.md
CVE-2024-31812
https://notcve.org/view.php?id=CVE-2024-31812
08 Apr 2024 — In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getWiFiExtenderConfig/Leak.md • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CVE-2024-31815
https://notcve.org/view.php?id=CVE-2024-31815
08 Apr 2024 — In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_ExportSettings/Leak.md • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2024-31816
https://notcve.org/view.php?id=CVE-2024-31816
08 Apr 2024 — In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getEasyWizardCfg/Leak.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-31817
https://notcve.org/view.php?id=CVE-2024-31817
08 Apr 2024 — In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getSysStatusCfg/Leak.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-27521
https://notcve.org/view.php?id=CVE-2024-27521
26 Mar 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root"). • https://github.com/SpikeReply/advisories/blob/main/cve/totolink/cve-2024-27521.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-28402
https://notcve.org/view.php?id=CVE-2024-28402
21 Mar 2024 — TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_4_IP_Port_Filtering/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-28639
https://notcve.org/view.php?id=CVE-2024-28639
16 Mar 2024 — Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. • https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_1.md
CVE-2024-28640
https://notcve.org/view.php?id=CVE-2024-28640
16 Mar 2024 — Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (DoS) via the command field. • https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_2.md • CWE-125: Out-of-bounds Read