CVSS: 10.0EPSS: 27%CPEs: 2EXPL: 1CVE-2023-37146
https://notcve.org/view.php?id=CVE-2023-37146
07 Jul 2023 — TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. • https://github.com/DaDong-G/Vulnerability_info/tree/main/TOTOLINK/lr350/2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 27%CPEs: 2EXPL: 1CVE-2023-37148
https://notcve.org/view.php?id=CVE-2023-37148
07 Jul 2023 — TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. • https://github.com/DaDong-G/Vulnerability_info/blob/main/TOTOLINK/lr350/3/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 27%CPEs: 2EXPL: 1CVE-2023-37149
https://notcve.org/view.php?id=CVE-2023-37149
07 Jul 2023 — TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. • https://github.com/DaDong-G/Vulnerability_info/blob/main/TOTOLINK/lr350/4/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37170
https://notcve.org/view.php?id=CVE-2023-37170
07 Jul 2023 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37171
https://notcve.org/view.php?id=CVE-2023-37171
07 Jul 2023 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37172
https://notcve.org/view.php?id=CVE-2023-37172
07 Jul 2023 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-37173
https://notcve.org/view.php?id=CVE-2023-37173
07 Jul 2023 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 1CVE-2023-33556
https://notcve.org/view.php?id=CVE-2023-33556
07 Jun 2023 — TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. • https://github.com/Am1ngl/ttt/tree/main/37 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31569
https://notcve.org/view.php?id=CVE-2023-31569
06 Jun 2023 — TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. • http://totolink.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-33485
https://notcve.org/view.php?id=CVE-2023-33485
31 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/5 • CWE-787: Out-of-bounds Write •