
CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely.
• https://github.com/unpWn4bL3/iot-security/blob/main/2.md https://vuldb.com/?ctiid.248942 https://vuldb.com/?id.248942
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely.
• https://github.com/unpWn4bL3/iot-security/blob/main/1.md https://vuldb.com/?ctiid.248268 https://vuldb.com/?id.248268
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.8 | EPSS: 54% | CPEs: 2 | EXPL: 1

TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.
• https://github.com/Am1ngl/ttt/tree/main/37
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.8 | EPSS: 1% | CPEs: 2 | EXPL: 1

TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.
• https://github.com/Am1ngl/ttt/tree/main/161
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 | EPSS: 1% | CPEs: 2 | EXPL: 1

TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.
• https://github.com/Am1ngl/ttt/tree/main/160
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')