CVE-2024-7462 – TOTOLINK N350RT cstecgi.cgi setWizardCfg buffer overflow
https://notcve.org/view.php?id=CVE-2024-7462
05 Aug 2024 — A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/N350R/setWizardCfg.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7338 – TOTOLINK EX1200L cstecgi.cgi setParentalRules buffer overflow
https://notcve.org/view.php?id=CVE-2024-7338
01 Aug 2024 — A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/setParentalRules.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7337 – TOTOLINK EX1200L cstecgi.cgi loginauth buffer overflow
https://notcve.org/view.php?id=CVE-2024-7337
01 Aug 2024 — A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/loginauth.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7336 – TOTOLINK EX200 cstecgi.cgi loginauth buffer overflow
https://notcve.org/view.php?id=CVE-2024-7336
01 Aug 2024 — A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/loginauth.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7335 – TOTOLINK EX200 getSaveConfig buffer overflow
https://notcve.org/view.php?id=CVE-2024-7335
01 Aug 2024 — A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/getSaveConfig.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7334 – TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow
https://notcve.org/view.php?id=CVE-2024-7334
01 Aug 2024 — A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. • https://github.com/ruan-uer/create/blob/main/IoT-vulnerable/TOTOLINK/EX1200/UploadCustomModule.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7333 – TOTOLINK N350RT cstecgi.cgi setParentalRules buffer overflow
https://notcve.org/view.php?id=CVE-2024-7333
01 Aug 2024 — A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. The attack can be initiated remotely. • https://github.com/135a/IoT-vulnerable/blob/main/TOTOLINK/N350RT/setParentalRules.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7332 – TOTOLINK CP450 Telnet Service product.ini hard-coded password
https://notcve.org/view.php?id=CVE-2024-7332
01 Aug 2024 — A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/product.md • CWE-259: Use of Hard-coded Password
CVE-2024-7331 – TOTOLINK A3300R cstecgi.cgi UploadCustomModule buffer overflow
https://notcve.org/view.php?id=CVE-2024-7331
01 Aug 2024 — A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/UploadCustomModule.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7217 – TOTOLINK CA300-PoE cstecgi.cgi loginauth buffer overflow
https://notcve.org/view.php?id=CVE-2024-7217
30 Jul 2024 — A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CA300-PoE/loginauth_password.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')