CVE-2022-28578
https://notcve.org/view.php?id=CVE-2022-28578
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setOpenVpnCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-28577
https://notcve.org/view.php?id=CVE-2022-28577
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz delParentalRules del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-28575
https://notcve.org/view.php?id=CVE-2022-28575
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload Se ha detectado que se presenta una vulnerabilidad de inyección de comandos en la interfaz setopenvpnclientcfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a atacantes ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-28584
https://notcve.org/view.php?id=CVE-2022-28584
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setWiFiWpsStart del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-23617
https://notcve.org/view.php?id=CVE-2020-23617
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. Una vulnerabilidad de tipo cross site scripting (XSS) en la página de error de los routers Totolink N200RE y N100RE versión 2.0, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio del elemento SCRIPT • http://totolink.net https://gist.github.com/fuzzKitty/8ca2587213874e94e5c0aedf346c18b1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •