
CVSS: 9.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jan 2024 — Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. • https://pastebin.com/aan5jT40 • CWE-284: Improper Access Control

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

09 Jan 2024 — A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1puSOo5XrzMrctw7EtrE7DnfssOOuhRTS/view?usp=sharing • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

09 Jan 2024 — A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/formTmultiAP/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

09 Jan 2024 — A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/T6/1/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

09 Jan 2024 — A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/NR1800X/1/README.md • CWE-121: Stack-based Buffer Overflow

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

09 Jan 2024 — A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/5/README.md • CWE-121: Stack-based Buffer Overflow

CVSS: 8.3 • EPSS: 0% • CPEs: 2 • EXPL: 1

08 Jan 2024 — A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md • CWE-121: Stack-based Buffer Overflow

CVSS: 9.8 • EPSS: 4% • CPEs: 2 • EXPL: 1

08 Jan 2024 — A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to OS command injection. The attack can be launched remotely. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setTracerouteCfg/README.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 • EPSS: 6% • CPEs: 2 • EXPL: 1

08 Jan 2024 — A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to OS command injection. It is possible to launch the attack remotely. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setDiagnosisCfg/README.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 • EPSS: 6% • CPEs: 2 • EXPL: 1

08 Jan 2024 — A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/UploadFirmwareFile/README.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')