CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-33486
https://notcve.org/view.php?id=CVE-2023-33486
31 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-33487
https://notcve.org/view.php?id=CVE-2023-33487
31 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2023-2790 – TOTOLINK N200RE Telnet Service custom.conf password in configuration file
https://notcve.org/view.php?id=CVE-2023-2790
18 May 2023 — A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1RITXRvKele5aW42YFk0JeQHCq2B63lUj/view?usp=share_link • CWE-260: Password in Configuration File •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-31729
https://notcve.org/view.php?id=CVE-2023-31729
18 May 2023 — TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. • http://totolink.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-31856
https://notcve.org/view.php?id=CVE-2023-31856
16 May 2023 — A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet. • https://github.com/xiangbulala/CVE/blob/main/totlink.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 96%CPEs: 3EXPL: 1CVE-2023-30013 – TOTOLINK Wireless Routers Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-30013
05 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. • http://packetstormsecurity.com/files/174799/TOTOLINK-Wireless-Routers-Remote-Command-Execution.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-30053
https://notcve.org/view.php?id=CVE-2023-30053
05 May 2023 — TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. • https://github.com/Am1ngl/ttt/tree/main/160 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-30054
https://notcve.org/view.php?id=CVE-2023-30054
05 May 2023 — TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. • https://github.com/Am1ngl/ttt/tree/main/161 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 1CVE-2023-29798
https://notcve.org/view.php?id=CVE-2023-29798
14 Apr 2023 — TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. • https://sore-pail-31b.notion.site/Command-Injection-4-ea4969f635f54fe5b2f575e93443a4e0 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 1CVE-2023-29799
https://notcve.org/view.php?id=CVE-2023-29799
14 Apr 2023 — TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. • https://sore-pail-31b.notion.site/Command-Inject-6-3ee0faa243134ae2bc20e6670d80bada • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •