CVE-2021-42872
https://notcve.org/view.php?id=CVE-2021-42872
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that allows remote execution of arbitrary code. • http://ex1200t.com http://totolink.net https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-29377
https://notcve.org/view.php?id=CVE-2022-29377
Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stack overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH. • https://github.com/molezsbd/iot-cve/tree/master/totolink/a3600r • CWE-787: Out-of-bounds Write
CVE-2022-29646
https://notcve.org/view.php?id=CVE-2022-29646
An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/9.md • CWE-668: Exposure of Resource to Wrong Sphere
CVE-2022-29645
https://notcve.org/view.php?id=CVE-2022-29645
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard-coded password for root stored in the component /etc/shadow.sample. • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/8.md • CWE-798: Use of Hard-coded Credentials
CVE-2022-29644
https://notcve.org/view.php?id=CVE-2022-29644
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard-coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/7.md • CWE-798: Use of Hard-coded Credentials