CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12352 – TOTOLINK EX1800T cstecgi.cgi sub_40662C stack-based overflow
https://notcve.org/view.php?id=CVE-2024-12352
09 Dec 2024 — A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/zheng0064/cve/blob/main/StackOverFlow-CVE.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51141
https://notcve.org/view.php?id=CVE-2024-51141
15 Nov 2024 — An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components. • https://infosecwriteups.com/dll-hijacking-in-totolink-a600ub-driver-installer-13787c4d97b4 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 1CVE-2024-10966 – TOTOLINK X18 cstecgi.cgi os command injection
https://notcve.org/view.php?id=CVE-2024-10966
07 Nov 2024 — A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Dreamy-elfland/240914 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 2CVE-2024-10654 – TOTOLINK LR350 formLoginAuth.htm authorization
https://notcve.org/view.php?id=CVE-2024-10654
01 Nov 2024 — A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/c0nyy/IoT_vuln • CWE-266: Incorrect Privilege Assignment CWE-285: Improper Authorization CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9001 – TOTOLINK T10 cstecgi.cgi setTracerouteCfg os command injection
https://notcve.org/view.php?id=CVE-2024-9001
19 Sep 2024 — A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. • https://github.com/C9Y57/TOTOLINK_setTracerouteCfg/blob/main/setTracerouteCfg.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46424
https://notcve.org/view.php?id=CVE-2024-46424
16 Sep 2024 — TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. • https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/UploadCustomModule.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-46419
https://notcve.org/view.php?id=CVE-2024-46419
16 Sep 2024 — TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. • https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWizardCfg.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2024-46451
https://notcve.org/view.php?id=CVE-2024-46451
16 Sep 2024 — TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. • https://github.com/vidura2/CVE-2024-46451 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8869 – TOTOLINK A720R exportOvpn os command injection
https://notcve.org/view.php?id=CVE-2024-8869
15 Sep 2024 — A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://vuldb.com/?ctiid.277506 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.2EPSS: 0%CPEs: 2EXPL: 1CVE-2024-8580 – TOTOLINK AC1200 T8 shadow.sample hard-coded password
https://notcve.org/view.php?id=CVE-2024-8580
08 Sep 2024 — A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/shadow.md • CWE-259: Use of Hard-coded Password •