CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28580
https://notcve.org/view.php?id=CVE-2022-28580
05 May 2022 — It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setL2tpServerCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/5 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28579
https://notcve.org/view.php?id=CVE-2022-28579
05 May 2022 — It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setParentalRules del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28578
https://notcve.org/view.php?id=CVE-2022-28578
05 May 2022 — It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setOpenVpnCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28577
https://notcve.org/view.php?id=CVE-2022-28577
05 May 2022 — It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz delParentalRules del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28575
https://notcve.org/view.php?id=CVE-2022-28575
05 May 2022 — It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload Se ha detectado que se presenta una vulnerabilidad de inyección de comandos en la interfaz setopenvpnclientcfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a atacantes ejecutar comandos arbitrarios mediante una carga útil cuidadosamente const... • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28584
https://notcve.org/view.php?id=CVE-2022-28584
05 May 2022 — It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setWiFiWpsStart del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-23617
https://notcve.org/view.php?id=CVE-2020-23617
02 May 2022 — A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. Una vulnerabilidad de tipo cross site scripting (XSS) en la página de error de los routers Totolink N200RE y N100RE versión 2.0, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio del elemento SCRIPT • http://totolink.net • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.9EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43663
https://notcve.org/view.php?id=CVE-2021-43663
30 Mar 2022 — totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. Se ha detectado que totolink EX300_v2 versión V4.0.3c.140_B20210429, contiene una vulnerabilidad de inyección de comandos por medio del componente cloudupdate_check • https://github.com/chibataiki/iot-vuls/blob/main/totolink/command-injection1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-43662
https://notcve.org/view.php?id=CVE-2021-43662
30 Mar 2022 — totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. totolink EX300_v2, versión V4.0.3c.140_B20210429 y A720R ,versión V4.1.5cu.470_B20200911, presentan un problema que causa un consumo no controlado de recursos • https://github.com/chibataiki/iot-vuls/blob/main/totolink/dos.md • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43661
https://notcve.org/view.php?id=CVE-2021-43661
30 Mar 2022 — totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. Se ha detectado que totolink EX300_v2 versión V4.0.3c.140_B20210429, contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejada por medio del componente /home.asp • https://github.com/chibataiki/iot-vuls/blob/main/totolink/xss-vulnerability.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •