
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to OS command injection. The attack can be initiated remotely.
• https://github.com/C9Y57/TOTOLINK_setTracerouteCfg/blob/main/setTracerouteCfg.md
  https://vuldb.com/?ctiid.278152
  https://vuldb.com/?id.278152
  https://vuldb.com/?submit.406140
  https://www.totolink.net
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to OS command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high.
• https://vuldb.com/?ctiid.277506
  https://vuldb.com/?id.277506
  https://vuldb.com/?submit.403211
  https://www.totolink.net
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely.
• https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setStaticDhcpRules.md
  https://vuldb.com/?ctiid.276811
  https://vuldb.com/?id.276811
  https://vuldb.com/?submit.401265
  https://www.totolink.net
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely.
• https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setIpPortFilterRules.md
  https://vuldb.com/?ctiid.276810
  https://vuldb.com/?id.276810
  https://vuldb.com/?submit.401264
  https://www.totolink.net
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/AC1200T8/setParentalRules.md
  https://vuldb.com/?ctiid.276807
  https://vuldb.com/?id.276807
  https://vuldb.com/?submit.401262
  https://www.totolink.net
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')