CVE-2022-38827
https://notcve.org/view.php?id=CVE-2022-38827
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi TOTOLINK T6 V4.1.5cu.709_B20210518 es vulnerable al desbordamiento del búfer a través de cstecgi.cgi • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/setWiFiWpsStart_2.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-38828
https://notcve.org/view.php?id=CVE-2022-38828
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi TOTOLINK T6 V4.1.5cu.709_B20210518 es vulnerable a la inyección de comandos a través de cstecgi.cgi • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/setWiFiWpsStart_1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-38535
https://notcve.org/view.php?id=CVE-2022-38535
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. Se ha detectado que TOTOLINK-720R versión v4.1.5cu.374, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio de la función setTracerouteCfg • https://github.com/Jfox816/TOTOLINK-720R/blob/177ee39a5a8557a6bd19586731b0e624548b67ee/totolink%20720%20RCode%20Execution2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-38534
https://notcve.org/view.php?id=CVE-2022-38534
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function. Se ha detectado que TOTOLINK-720R versión v4.1.5cu.374, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio de la función setdiagnosicfg • https://github.com/Jfox816/TOTOLINK-720R/blob/fb6ba109ba9c5bd1b0d8e22c88ee14bdc4a75e6b/TOTOLINK%20720%20RCode%20Execution.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-38308
https://notcve.org/view.php?id=CVE-2022-38308
TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. Se ha detectado que TOTOLink A700RU versión V7.4cu.2313_B20191024, contiene una vulnerabilidad de inyección de comandos por medio del parámetro lang en la función cstesystem. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una carga útil diseñada • https://github.com/WhoisZkuan/TOTOlink-A700RU • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •