CVSS: 7.2EPSS: 1%CPEs: 12EXPL: 2CVE-2022-28935
https://notcve.org/view.php?id=CVE-2022-28935
06 Jul 2022 — Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability. Totolink A830R versión V5.9c.4729_B20191112, Totolink A3100R versión V4.1.2cu.5050_B20200504, Totolink A950RG versión V4.1.2cu.5161_B20200903, Totolink A800R versión V4.1.2cu.5137 B20200730, Totolink A3000RU versi... • https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29646
https://notcve.org/view.php?id=CVE-2022-29646
18 May 2022 — An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. Un problema de control de acceso en TOTOLINK A3100R V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129 permite a atacantes obtener información confidencial por medio de una petición web diseñada • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/9.md • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2022-29645
https://notcve.org/view.php?id=CVE-2022-29645
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una contraseña embebida para root almacenada en el componente /etc/shadow.sample • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/8.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 1CVE-2022-29644
https://notcve.org/view.php?id=CVE-2022-29644
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una contraseña embebida para el servicio telnet almacenada en el componente /web_cste/cgi-bin/product.ini • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/7.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29643
https://notcve.org/view.php?id=CVE-2022-29643
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro macAddress en la función setMacQos. Esta vulnerabilidad permite a atacantes causar una D... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/6.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29642
https://notcve.org/view.php?id=CVE-2022-29642
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por el parámetro url en la función setUrlFilterRules. Esta vulnerabilidad permite a atacantes causar una Denega... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/5.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29641
https://notcve.org/view.php?id=CVE-2022-29641
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que TOTOLINK A3100R V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129 contienen un desbordamiento de pila a través de los parámetros startTime y endTime en la función setParentalRules. Esta vulnerabilidad permite ... • http://totolink.com • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29640
https://notcve.org/view.php?id=CVE-2022-29640
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro comment en la función setPortForwardRules. Esta vulnerabilidad permite a atacante... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/3.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29638
https://notcve.org/view.php?id=CVE-2022-29638
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro comment en la función setIpQosRules. Esta vulnerabilidad permite a atacantes causar una... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/2.md • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 1CVE-2022-29639
https://notcve.org/view.php?id=CVE-2022-29639
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una vulnerabilidad de inyección de comando por medio del parámetro magicid en la función uci_cloudupdate_config • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/1.md •