CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42747
https://notcve.org/view.php?id=CVE-2024-42747
12 Aug 2024 — In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. • https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setWanIeCfg/setWanIeCfg.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42748
https://notcve.org/view.php?id=CVE-2024-42748
12 Aug 2024 — In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. • https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setWiFiWpsCfg/setWiFiWpsCfg.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 0CVE-2024-28639
https://notcve.org/view.php?id=CVE-2024-28639
16 Mar 2024 — Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. Vulnerabilidad de desbordamiento de búfer en TOTOLink X5000R V9.1.0u.6118-B20201102 y A7000R V9.1.0u.6115-B20201022, permite a atacantes remotos ejecutar código arbitrario y provocar una denegación de servicio (DoS) a través del campo IP. • https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_1.md •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28640
https://notcve.org/view.php?id=CVE-2024-28640
16 Mar 2024 — Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. Vulnerabilidad de desbordamiento de búfer en TOTOLink X5000R V9.1.0u.6118-B20201102 y A7000R V9.1.0u.6115-B20201022 permite a un atacante remoto provocar una denegación de servicio (D0S) a través del campo de comando. • https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_2.md • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-6612 – Totolink X5000R cstecgi.cgi setWizardCfg os command injection
https://notcve.org/view.php?id=CVE-2023-6612
08 Dec 2023 — A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConf... • https://github.com/OraclePi/repo/tree/main/totolink%20X5000R • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-45984
https://notcve.org/view.php?id=CVE-2023-45984
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila a través del parámetro lang en la función setLanguageCfg. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setLanguageCfg.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-45985
https://notcve.org/view.php?id=CVE-2023-45985
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila en la función setParentalRules. Esta vulnerabilidad permite a los atacantes provocar una Denegación de Servicio (DoS) me... • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setParentalRules.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-36947
https://notcve.org/view.php?id=CVE-2023-36947
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila a través del parámetro File en la función UploadCustomModule. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/UploadCustomModule.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-36950
https://notcve.org/view.php?id=CVE-2023-36950
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila a través del parámetro http_host en la función loginAuth. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/loginauth.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-39617
https://notcve.org/view.php?id=CVE-2023-39617
21 Aug 2023 — TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. • https://sedate-class-393.notion.site/TOTOlink-ee7eb0d4cd5d43e9983296200371eff1?pvs=4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •