CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2022-29645
https://notcve.org/view.php?id=CVE-2022-29645
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una contraseña embebida para root almacenada en el componente /etc/shadow.sample • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/8.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 1CVE-2022-29644
https://notcve.org/view.php?id=CVE-2022-29644
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una contraseña embebida para el servicio telnet almacenada en el componente /web_cste/cgi-bin/product.ini • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/7.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29643
https://notcve.org/view.php?id=CVE-2022-29643
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro macAddress en la función setMacQos. Esta vulnerabilidad permite a atacantes causar una D... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/6.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29642
https://notcve.org/view.php?id=CVE-2022-29642
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por el parámetro url en la función setUrlFilterRules. Esta vulnerabilidad permite a atacantes causar una Denega... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/5.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29641
https://notcve.org/view.php?id=CVE-2022-29641
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que TOTOLINK A3100R V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129 contienen un desbordamiento de pila a través de los parámetros startTime y endTime en la función setParentalRules. Esta vulnerabilidad permite ... • http://totolink.com • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29640
https://notcve.org/view.php?id=CVE-2022-29640
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro comment en la función setPortForwardRules. Esta vulnerabilidad permite a atacante... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/3.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29638
https://notcve.org/view.php?id=CVE-2022-29638
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro comment en la función setIpQosRules. Esta vulnerabilidad permite a atacantes causar una... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/2.md • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 1CVE-2022-29639
https://notcve.org/view.php?id=CVE-2022-29639
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una vulnerabilidad de inyección de comando por medio del parámetro magicid en la función uci_cloudupdate_config • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/1.md •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29398
https://notcve.org/view.php?id=CVE-2022-29398
10 May 2022 — TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. Se ha detectado que TOTOLINK N600R versión V4.3.0cu.7647_B20210106, contiene un desbordamiento de pila por medio del parámetro File en la función FUN_0041309c • https://github.com/d1tto/IoT-vuln/tree/main/Totolink/7.UploadCustomModule • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29399
https://notcve.org/view.php?id=CVE-2022-29399
10 May 2022 — TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. Se ha detectado que TOTOLINK N600R versión V4.3.0cu.7647_B20210106, contiene un desbordamiento de pila por medio del parámetro url en la función FUN_00415bf0 • https://github.com/d1tto/IoT-vuln/tree/main/Totolink/9.setUrlFilterRules • CWE-787: Out-of-bounds Write •