CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-22660
https://notcve.org/view.php?id=CVE-2024-22660
23 Jan 2024 — TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg TOTOLINK_A3700R_V9.1.2u.6165_20211012 tiene una vulnerabilidad de desbordamiento en la región stack de la memoria a través de setLanguageCfg • https://github.com/Covteam/iot_vuln/tree/main/setLanguageCfg • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-22662
https://notcve.org/view.php?id=CVE-2024-22662
23 Jan 2024 — TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules TOTOLINK A3700R_V9.1.2u.6165_20211012 tiene una vulnerabilidad de desbordamiento en la región stack de la memoria a través de setParentalRules • https://github.com/Covteam/iot_vuln/tree/main/setParentalRules • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 66%CPEs: 2EXPL: 1CVE-2024-22663
https://notcve.org/view.php?id=CVE-2024-22663
23 Jan 2024 — TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg TOTOLINK_A3700R_V9.1.2u.6165_20211012 tiene una vulnerabilidad de inyección de comando a través de setOpModeCfg • https://github.com/Covteam/iot_vuln/tree/main/setOpModeCfg2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 10%CPEs: 2EXPL: 1CVE-2023-46574
https://notcve.org/view.php?id=CVE-2023-46574
24 Oct 2023 — An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. Un problema en TOTOLINK A3700R v.9.1.2u.6165_20211012 permite a un atacante remoto ejecutar código arbitrario a través del parámetro FileName de la función UploadFirmwareFile. • https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •