CVE-2024-7172 – TOTOLINK A3600R getSaveConfig buffer overflow
https://notcve.org/view.php?id=CVE-2024-7172
28 Jul 2024 — A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this vulnerability is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. • https://vuldb.com/?id.272593 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7171 – TOTOLINK A3600R cstecgi.cgi NTPSyncWithHost os command injection
https://notcve.org/view.php?id=CVE-2024-7171
28 Jul 2024 — A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.272592 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7170 – TOTOLINK A3000RU product.ini hard-coded password
https://notcve.org/view.php?id=CVE-2024-7170
28 Jul 2024 — A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3000RU/product.md • CWE-259: Use of Hard-coded Password
CVE-2024-7160 – TOTOLINK A3700R cstecgi.cgi setWanCfg command injection
https://notcve.org/view.php?id=CVE-2024-7160
28 Jul 2024 — A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-7159 – TOTOLINK A3600R Telnet Service product.ini hard-coded password
https://notcve.org/view.php?id=CVE-2024-7159
28 Jul 2024 — A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/product.md • CWE-259: Use of Hard-coded Password
CVE-2024-7158 – TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection
https://notcve.org/view.php?id=CVE-2024-7158
28 Jul 2024 — A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3100R/setTelnetCfg.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-7157 – TOTOLINK A3100R getSaveConfig buffer overflow
https://notcve.org/view.php?id=CVE-2024-7157
28 Jul 2024 — A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3100R/getSaveConfig.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7156 – TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure
https://notcve.org/view.php?id=CVE-2024-7156
28 Jul 2024 — A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/ExportSettings.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7155 – TOTOLINK A3300R shadow.sample hard-coded password
https://notcve.org/view.php?id=CVE-2024-7155
28 Jul 2024 — A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/shadow.md • CWE-259: Use of Hard-coded Password
CVE-2024-7154 – TOTOLINK A3700R Password Reset wizard.html access control
https://notcve.org/view.php?id=CVE-2024-7154
28 Jul 2024 — A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWizardCfg_changepw.md • CWE-284: Improper Access Control