CVE-2024-22529
https://notcve.org/view.php?id=CVE-2024-22529
TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 tiene una vulnerabilidad de inyección de comando en el sub_449040 (función de manejo de formUploadFile) de /bin/boa. • https://github.com/unpWn4bL3/iot-security/blob/main/29.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-52038
https://notcve.org/view.php?id=CVE-2023-52038
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_415C80. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/1/1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-52039
https://notcve.org/view.php?id=CVE-2023-52039
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_415AA4. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/2/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-52040
https://notcve.org/view.php?id=CVE-2023-52040
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_41284C. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/3/3.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-253: Incorrect Check of Function Return Value •
CVE-2024-22660
https://notcve.org/view.php?id=CVE-2024-22660
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg TOTOLINK_A3700R_V9.1.2u.6165_20211012 tiene una vulnerabilidad de desbordamiento en la región stack de la memoria a través de setLanguageCfg • https://github.com/Covteam/iot_vuln/tree/main/setLanguageCfg • CWE-787: Out-of-bounds Write •