CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-50651
https://notcve.org/view.php?id=CVE-2023-50651
30 Dec 2023 — TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. Se descubrió que TOTOLINK X6000R v9.4.0cu.852_B20230719 contiene una vulnerabilidad de ejecución remota de comandos (RCE) a través del componente /cgi-bin/cstecgi.cgi. • http://totolink.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51133
https://notcve.org/view.php?id=CVE-2023-51133
30 Dec 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formRoute. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/26/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51135
https://notcve.org/view.php?id=CVE-2023-51135
30 Dec 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formPasswordSetup. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/29/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51136
https://notcve.org/view.php?id=CVE-2023-51136
30 Dec 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formRebootSchedule. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/28/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-7095 – Totolink A7100RU HTTP POST Request main buffer overflow
https://notcve.org/view.php?id=CVE-2023-7095
25 Dec 2023 — A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. • https://github.com/unpWn4bL3/iot-security/blob/main/2.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-50147
https://notcve.org/view.php?id=CVE-2023-50147
22 Dec 2023 — There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. Existe una vulnerabilidad de ejecución de comando arbitrario en la función setDiagnosisCfg del cstecgi .cgi del dispositivo enrutador TOTOlink A3700R en su versión de firmware V9.1.2u.5822_B20200513. • https://815yang.github.io/2023/12/04/a3700r/TOTOlink%20A3700R%28setDiagnosisCfg%29 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51011
https://notcve.org/view.php?id=CVE-2023-51011
22 Dec 2023 — TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter’ of the setLanConfig interface of the cstecgi .cgi TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro lanPriDns de la interfaz setLanConfig de cstecgi .cgi • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanPriDns •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51012
https://notcve.org/view.php?id=CVE-2023-51012
22 Dec 2023 — TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi. TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro lanGateway de la interfaz setLanConfig de cstecgi .cgi. • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanGateway •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51013
https://notcve.org/view.php?id=CVE-2023-51013
22 Dec 2023 — TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter’ of the setLanConfig interface of the cstecgi .cgi. TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro lanNetmask de la interfaz setLanConfig de cstecgi .cgi. • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanNetmask •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51014
https://notcve.org/view.php?id=CVE-2023-51014
22 Dec 2023 — TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi TOTOLINK EX1800T V9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro lanSecDns de la interfaz setLanConfig de cstecgi .cgi • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig_lanSecDns • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •