CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34257
https://notcve.org/view.php?id=CVE-2024-34257
08 May 2024 — TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. TOTOLINK EX1800T V9.1.0cu.2112_B20220316 tiene una vulnerabilidad en el parámetro apcliEncrypType que permite la ejecución no autorizada de comandos arbitrarios, permitiendo a un atacante obtener privilegios de administrador del dispositivo. • https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md • CWE-285: Improper Authorization •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-52026
https://notcve.org/view.php?id=CVE-2023-52026
12 Jan 2024 — TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface Se descubrió que TOTOlink EX1800T V9.1.0cu.2112_B20220316 contiene una vulnerabilidad de ejecución remota de comandos (RCE) a través del parámetro telnet_enabled de la interfaz setTelnetCfg • https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setTelnetCfg • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51011
https://notcve.org/view.php?id=CVE-2023-51011
22 Dec 2023 — TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter’ of the setLanConfig interface of the cstecgi .cgi TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro lanPriDns de la interfaz setLanConfig de cstecgi .cgi • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanPriDns •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51012
https://notcve.org/view.php?id=CVE-2023-51012
22 Dec 2023 — TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi. TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro lanGateway de la interfaz setLanConfig de cstecgi .cgi. • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanGateway •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51013
https://notcve.org/view.php?id=CVE-2023-51013
22 Dec 2023 — TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter’ of the setLanConfig interface of the cstecgi .cgi. TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro lanNetmask de la interfaz setLanConfig de cstecgi .cgi. • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanNetmask •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51014
https://notcve.org/view.php?id=CVE-2023-51014
22 Dec 2023 — TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi TOTOLINK EX1800T V9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro lanSecDns de la interfaz setLanConfig de cstecgi .cgi • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig_lanSecDns • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51015
https://notcve.org/view.php?id=CVE-2023-51015
22 Dec 2023 — TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi TOTOLINX EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios en 'enable parameter' de la interfaz setDmzCfg del cstecgi .cgi • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setDmzCfg • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51016
https://notcve.org/view.php?id=CVE-2023-51016
22 Dec 2023 — TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi. TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en la interfaz setRebootScheCfg de cstecgi .cgi. • https://815yang.github.io/2023/12/10/EX1800T/TOTOlink%20EX1800T_V9.1.0cu.2112_B20220316%28setRebootScheCfg%29 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51017
https://notcve.org/view.php?id=CVE-2023-51017
22 Dec 2023 — TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi. TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro lanIp de la interfaz setLanConfig de cstecgi .cgi. • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanIp •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-51018
https://notcve.org/view.php?id=CVE-2023-51018
22 Dec 2023 — TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro 'opmode' de la interfaz setWiFiApConfig de cstecgi .cgi. • https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setWiFiApConfig-opmode •