CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8079 – TOTOLINK AC1200 T8 exportOvpn buffer overflow
https://notcve.org/view.php?id=CVE-2024-8079
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8078 – TOTOLINK AC1200 T8 setTracerouteCfg buffer overflow
https://notcve.org/view.php?id=CVE-2024-8078
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8077 – TOTOLINK AC1200 T8 setTracerouteCfg os command injection
https://notcve.org/view.php?id=CVE-2024-8077
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8076 – TOTOLINK AC1200 T8 setDiagnosisCfg buffer overflow
https://notcve.org/view.php?id=CVE-2024-8076
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8075 – TOTOLINK AC1200 T8 setDiagnosisCfg os command injection
https://notcve.org/view.php?id=CVE-2024-8075
22 Aug 2024 — A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7909 – TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow
https://notcve.org/view.php?id=CVE-2024-7909
18 Aug 2024 — A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setLanguageCfg_bof • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7908 – TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow
https://notcve.org/view.php?id=CVE-2024-7908
18 Aug 2024 — A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.275034 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-7907 – TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection
https://notcve.org/view.php?id=CVE-2024-7907
18 Aug 2024 — A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BeaCox/IoT_vuln/tree/main/totolink/x6000R/setSyslogCfg_injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-42966
https://notcve.org/view.php?id=CVE-2024-42966
15 Aug 2024 — Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. • https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/N350R/ExportSettings.md • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-42967
https://notcve.org/view.php?id=CVE-2024-42967
15 Aug 2024 — Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. • https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/LR350/ExportSettings.md • CWE-284: Improper Access Control •