CVE-2024-0296 – Totolink N200RE cstecgi.cgi NTPSyncWithHost os command injection
https://notcve.org/view.php?id=CVE-2024-0296
08 Jan 2024 — A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0295 – Totolink LR1200GB cstecgi.cgi setWanCfg os command injection
https://notcve.org/view.php?id=CVE-2024-0295
08 Jan 2024 — A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0294 – Totolink LR1200GB cstecgi.cgi setUssd os command injection
https://notcve.org/view.php?id=CVE-2024-0294
08 Jan 2024 — A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0293 – Totolink LR1200GB cstecgi.cgi setUploadSetting os command injection
https://notcve.org/view.php?id=CVE-2024-0293
08 Jan 2024 — A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUploadSetting/README.md
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0292 – Totolink LR1200GB cstecgi.cgi setOpModeCfg os command injection
https://notcve.org/view.php?id=CVE-2024-0292
08 Jan 2024 — A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setOpModeCfg/README.md
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0291 – Totolink LR1200GB cstecgi.cgi UploadFirmwareFile command injection
https://notcve.org/view.php?id=CVE-2024-0291
08 Jan 2024 — A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely.
• https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/UploadFirmwareFile/README.md
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-7214 – Totolink N350RT HTTP POST Request main stack-based overflow
https://notcve.org/view.php?id=CVE-2023-7214
07 Jan 2024 — A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely.
• https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/3/README.md
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2023-7213 – Totolink N350RT HTTP POST Request main stack-based overflow
https://notcve.org/view.php?id=CVE-2023-7213
07 Jan 2024 — A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely.
• https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/2/README.md
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2023-7208 – Totolink X2000R_V2 boa formTmultiAP buffer overflow
https://notcve.org/view.php?id=CVE-2023-7208
07 Jan 2024 — A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
• https://github.com/unpWn4bL3/iot-security/blob/main/13.md
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-787: Out-of-bounds Write
CVE-2023-7187 – Totolink N350RT HTTP POST Request stack-based overflow
https://notcve.org/view.php?id=CVE-2023-7187
31 Dec 2023 — A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow.
• https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/1/README.md
• CWE-121: Stack-based Buffer Overflow