CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-45984
https://notcve.org/view.php?id=CVE-2023-45984
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila a través del parámetro lang en la función setLanguageCfg. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setLanguageCfg.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-45985
https://notcve.org/view.php?id=CVE-2023-45985
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila en la función setParentalRules. Esta vulnerabilidad permite a los atacantes provocar una Denegación de Servicio (DoS) me... • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setParentalRules.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-36340
https://notcve.org/view.php?id=CVE-2023-36340
16 Oct 2023 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Se descubrió que TOTOLINK NR1800X V9.1.0u.6279_B20210910 contenía un desbordamiento de pila a través del parámetro http_host en la función loginAuth. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/TOTOLINK-NR1800X.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-36947
https://notcve.org/view.php?id=CVE-2023-36947
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila a través del parámetro File en la función UploadCustomModule. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/UploadCustomModule.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-36950
https://notcve.org/view.php?id=CVE-2023-36950
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Se descubrió que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 contenían un desbordamiento de pila a través del parámetro http_host en la función loginAuth. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/loginauth.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-36952
https://notcve.org/view.php?id=CVE-2023-36952
16 Oct 2023 — TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg. Se descubrió que TOTOLINK CP300+ V5.2cu.7594_B20200910 contenía un desbordamiento de pila a través del parámetro pingIp en la función setDiagnosisCfg. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 51%CPEs: 2EXPL: 1CVE-2023-36953
https://notcve.org/view.php?id=CVE-2023-36953
16 Oct 2023 — TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. TOTOLINK CP300+ V5.2cu.7594_B20200910 y anteriores son vulnerables a la inyección de comandos. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 51%CPEs: 2EXPL: 1CVE-2023-36954
https://notcve.org/view.php?id=CVE-2023-36954
16 Oct 2023 — TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. TOTOLINK CP300+ V5.2cu.7594_B20200910 y anteriores son vulnerables a la inyección de comandos. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_3.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-36955
https://notcve.org/view.php?id=CVE-2023-36955
16 Oct 2023 — TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. Se descubrió que TOTOLINK CP300+ en versiones <=V5.2cu.7594_B20200910 contenía un desbordamiento de pila a través del parámetro File en la función UploadCustomModule. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_4.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 1CVE-2023-43141
https://notcve.org/view.php?id=CVE-2023-43141
25 Sep 2023 — TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. TOTOLINK A3700R V9.1.2u.6134_B20201202 y N600R V5.3c.5137 son vulnerables a un control de acceso incorrecto. • http://totolink.com • CWE-284: Improper Access Control •