CVE-2022-41524
https://notcve.org/view.php?id=CVE-2022-41524
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. Se ha detectado que TOTOLINK NR1800X versión V9.1.0u.6279_B20210910, contiene un desbordamiento de pila autenticado por medio de los parámetros week, sTime y eTime en la función setParentalRules • https://brief-nymphea-813.notion.site/NR1800X-bof-setParentalRules-0da79b5ce7d44212b275a33b77935a42 • CWE-787: Out-of-bounds Write •
CVE-2022-41523
https://notcve.org/view.php?id=CVE-2022-41523
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. Se ha detectado que TOTOLINK NR1800X versión V9.1.0u.6279_B20210910, contiene un desbordamiento de pila autenticado por medio del parámetro command en la función setTracerouteCfg • https://brief-nymphea-813.notion.site/NR1800X-bof-setTracerouteCfg-0e29fc2fcba74a28a3e3822d71ddb2ef • CWE-787: Out-of-bounds Write •
CVE-2022-40475
https://notcve.org/view.php?id=CVE-2022-40475
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. Se ha detectado que TOTOLINK A860R versión V4.1.2cu.5182_B20201027, contiene una inyección de comandos por medio del componente /cgi-bin/downloadFile.cgi • https://github.com/1759134370/iot/blob/main/TOTOLINK/A860R/6.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-38823
https://notcve.org/view.php?id=CVE-2022-38823
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. En TOTOLINK T6 V4.1.5cu.709_B20210518, se presenta una contraseña codificada para root en /etc/shadow.sample • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/hard_code.md • CWE-798: Use of Hard-coded Credentials •
CVE-2022-38826
https://notcve.org/view.php?id=CVE-2022-38826
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. En TOTOLINK T6 V4.1.5cu.709_B20210518, se presenta un comando de ejecución arbitraria en cstecgi.cgi • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/setStaticDhcpRules_1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •