851 results (0.002 seconds)

CVSS: 7.5EPSS: %CPEs: 1EXPL: 1

27 Aug 2025 — A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.321552 • CWE-287: Improper Authentication •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

21 Aug 2025 — A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. • https://vuldb.com/?id.320908 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

18 Aug 2025 — TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. • https://github.com/goldenGlow21/softwares_PoC/blob/main/A3002R_V4/Telnet/PoC.md • CWE-1391: Use of Weak Credentials •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

18 Aug 2025 — TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function. • https://github.com/goldenGlow21/softwares_PoC/blob/main/A3002R_V4/Eval%20Injection/PoC.md • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

18 Aug 2025 — TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://github.com/goldenGlow21/softwares_PoC/blob/main/A3002R_V4/Boa%20-%20BOF/formFilter%20PoC.md • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

18 Aug 2025 — TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://github.com/goldenGlow21/softwares_PoC/blob/main/A3002R_V4/Boa%20-%20BOF/formMapDelDevice%20PoC.md • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

18 Aug 2025 — TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://github.com/goldenGlow21/softwares_PoC/blob/main/A3002R_V4/Boa%20-%20BOF/formPortFw%20PoC.md • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 11%CPEs: 1EXPL: 0

18 Aug 2025 — TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. • https://github.com/goldenGlow21/softwares_PoC/blob/main/A3002R_V4/Boa%20-%20Command%20Injection/PoC%201.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 11%CPEs: 1EXPL: 0

18 Aug 2025 — TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. • https://github.com/goldenGlow21/softwares_PoC/blob/main/A3002R_V4/Boa%20-%20Command%20Injection/PoC%203.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0

18 Aug 2025 — TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. • https://github.com/goldenGlow21/softwares_PoC/blob/main/A3002R_V4/Boa%20-%20Command%20Injection/PoC%202.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •