CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42736
https://notcve.org/view.php?id=CVE-2024-42736
13 Aug 2024 — In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. • https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/addBlacklist/addBlacklist.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42737
https://notcve.org/view.php?id=CVE-2024-42737
13 Aug 2024 — In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. • https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/delBlacklist/delBlacklist.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42738
https://notcve.org/view.php?id=CVE-2024-42738
13 Aug 2024 — In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. • https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setDmzCfg/setDmzCfg.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42739
https://notcve.org/view.php?id=CVE-2024-42739
13 Aug 2024 — In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. • https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setAccessDeviceCfg/setAccessDeviceCfg.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42740
https://notcve.org/view.php?id=CVE-2024-42740
13 Aug 2024 — In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. • https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setLedCfg/setLedCfg.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-42520
https://notcve.org/view.php?id=CVE-2024-42520
12 Aug 2024 — TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl. • https://github.com/c10uds/totolink_A3002R_stackoverflow • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-42543
https://notcve.org/view.php?id=CVE-2024-42543
12 Aug 2024 — TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/loginauth.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-42545
https://notcve.org/view.php?id=CVE-2024-42545
12 Aug 2024 — TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWizardCfg.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-42546
https://notcve.org/view.php?id=CVE-2024-42546
12 Aug 2024 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function. • https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3100R/loginauth_password.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-42547
https://notcve.org/view.php?id=CVE-2024-42547
12 Aug 2024 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. • https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3100R/loginauth.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •