CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-33485
https://notcve.org/view.php?id=CVE-2023-33485
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/5 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 96%CPEs: 3EXPL: 1CVE-2023-30013 – TOTOLINK Wireless Routers Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-30013
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. • http://packetstormsecurity.com/files/174799/TOTOLINK-Wireless-Routers-Remote-Command-Execution.html https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/2 https://attackerkb.com/topics/xnX3I3PEgM/cve-2023-30013 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27004
https://notcve.org/view.php?id=CVE-2022-27004
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Se ha detectado que los routers Totolink s X5000R versiones V9.1.0u.6118_B20201102 y A7000R versiones V9.1.0u.6115_B20201022, contienen una vulnerabilidad de inyección de comandos en la función Tunnel 6in4 por medio del parámetro remote6in4. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petición diseñada • https://github.com/wudipjq/my_vuln/blob/main/totolink/vuln_31/31.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27005
https://notcve.org/view.php?id=CVE-2022-27005
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Se ha detectado que los routers Totolink s X5000R versiones V9.1.0u.6118_B20201102 y A7000R versiones V9.1.0u.6115_B20201022, contienen una vulnerabilidad de inyección de comandos en la función setWanCfg por medio del parámetro hostName. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petición diseñada • https://github.com/wudipjq/my_vuln/blob/main/totolink/vuln_30/30.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27003
https://notcve.org/view.php?id=CVE-2022-27003
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Se ha detectado que los routers Totolink s X5000R versiones V9.1.0u.6118_B20201102 y A7000R versiones V9.1.0u.6115_B20201022, contienen una vulnerabilidad de inyección de comandos en la función Tunnel 6rd por medio del parámetro relay6rd. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petición diseñada • https://github.com/wudipjq/my_vuln/blob/main/totolink/vuln_32/32.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •