CVSS: 10.0 • EPSS: 2% • CPEs: 2 • EXPL: 1

22 Dec 2023 — TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of cstecgi.cgi. • https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setPasswordCfg-admuser • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 2% • CPEs: 2 • EXPL: 1

22 Dec 2023 — TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of cstecgi.cgi. • https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setRebootScheCfg-hour • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 2% • CPEs: 2 • EXPL: 1

22 Dec 2023 — TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. • https://815yang.github.io/2023/12/11/EX1800T/2/3/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setWiFiExtenderConfig-apcliAuthMode

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 1

22 Dec 2023 — TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. • https://815yang.github.io/2023/12/11/EX1800T/2/3/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setWiFiExtenderConfig-apcliChannel • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 1

22 Dec 2023 — TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. • https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_setOpModeCfg • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 2% • CPEs: 2 • EXPL: 1

22 Dec 2023 — TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. • https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_UploadFirmwareFile • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 1

22 Dec 2023 — TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. • https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_NTPSyncWithHost • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

18 Dec 2023 — A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. • https://github.com/unpWn4bL3/iot-security/blob/main/1.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

11 Dec 2023 — TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. • https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setOpModeCfg • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

11 Dec 2023 — TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules. • https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setIpPortFilterRules • CWE-787: Out-of-bounds Write