CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0573 – Totolink LR1200GB cstecgi.cgi setDiagnosisCfg stack-based overflow
https://notcve.org/view.php?id=CVE-2024-0573
16 Jan 2024 — A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/3/README.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0572 – Totolink LR1200GB cstecgi.cgi setOpModeCfg stack-based overflow
https://notcve.org/view.php?id=CVE-2024-0572
16 Jan 2024 — A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/2/README.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0571 – Totolink LR1200GB cstecgi.cgi setSmsCfg stack-based overflow
https://notcve.org/view.php?id=CVE-2024-0571
16 Jan 2024 — A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/1/README.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0570 – Totolink N350RT Setting cstecgi.cgi access control
https://notcve.org/view.php?id=CVE-2024-0570
16 Jan 2024 — A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. • https://vuldb.com/?ctiid.250786 • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 1CVE-2024-0569 – Totolink T8 Setting cstecgi.cgi getSysStatusCfg information disclosure
https://notcve.org/view.php?id=CVE-2024-0569
16 Jan 2024 — A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52041
https://notcve.org/view.php?id=CVE-2023-52041
16 Jan 2024 — An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. Un problema descubierto en TOTOLINK X6000R V9.4.0cu.852_B20230719 permite a atacantes ejecutar código arbitrario a través de la función sub_410118 del programa shttpd. • https://kee02p.github.io/2024/01/13/CVE-2023-52041 •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52042
https://notcve.org/view.php?id=CVE-2023-52042
16 Jan 2024 — An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. Un problema descubierto en la función sub_4117F8 en TOTOLINK X6000R V9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través del parámetro 'lang'. • https://kee02p.github.io/2024/01/13/CVE-2023-52042 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-52026
https://notcve.org/view.php?id=CVE-2023-52026
12 Jan 2024 — TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface Se descubrió que TOTOlink EX1800T V9.1.0cu.2112_B20220316 contiene una vulnerabilidad de ejecución remota de comandos (RCE) a través del parámetro telnet_enabled de la interfaz setTelnetCfg • https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setTelnetCfg • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2024-22942
https://notcve.org/view.php?id=CVE-2024-22942
11 Jan 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro hostName en la función setWanCfg. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2024-23057
https://notcve.org/view.php?id=CVE-2024-23057
11 Jan 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro tz en la función setNtpCfg. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •