CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-42546
https://notcve.org/view.php?id=CVE-2024-42546
12 Aug 2024 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function. • https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3100R/loginauth_password.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-42547
https://notcve.org/view.php?id=CVE-2024-42547
12 Aug 2024 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. • https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3100R/loginauth.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-7158 – TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection
https://notcve.org/view.php?id=CVE-2024-7158
28 Jul 2024 — A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3100R/setTelnetCfg.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7157 – TOTOLINK A3100R getSaveConfig buffer overflow
https://notcve.org/view.php?id=CVE-2024-7157
28 Jul 2024 — A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3100R/getSaveConfig.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36650
https://notcve.org/view.php?id=CVE-2024-36650
11 Jun 2024 — TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack. TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, en la función cgi `setNoticeCfg` del archivo `/lib/... • https://gist.github.com/Swind1er/f442fcac520a48c05c744c7b72362483 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 1%CPEs: 12EXPL: 2CVE-2022-28935
https://notcve.org/view.php?id=CVE-2022-28935
06 Jul 2022 — Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability. Totolink A830R versión V5.9c.4729_B20191112, Totolink A3100R versión V4.1.2cu.5050_B20200504, Totolink A950RG versión V4.1.2cu.5161_B20200903, Totolink A800R versión V4.1.2cu.5137 B20200730, Totolink A3000RU versi... • https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29646
https://notcve.org/view.php?id=CVE-2022-29646
18 May 2022 — An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. Un problema de control de acceso en TOTOLINK A3100R V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129 permite a atacantes obtener información confidencial por medio de una petición web diseñada • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/9.md • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2022-29645
https://notcve.org/view.php?id=CVE-2022-29645
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una contraseña embebida para root almacenada en el componente /etc/shadow.sample • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/8.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 1CVE-2022-29644
https://notcve.org/view.php?id=CVE-2022-29644
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una contraseña embebida para el servicio telnet almacenada en el componente /web_cste/cgi-bin/product.ini • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/7.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29643
https://notcve.org/view.php?id=CVE-2022-29643
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro macAddress en la función setMacQos. Esta vulnerabilidad permite a atacantes causar una D... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/6.md • CWE-787: Out-of-bounds Write •