CVSS: 10.0EPSS: 17%CPEs: 2EXPL: 1CVE-2022-32449
https://notcve.org/view.php?id=CVE-2022-32449
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. Se ha detectado que TOTOLINK EX300_V2 versión V4.0.3c.7484, contiene una vulnerabilidad de inyección de comandos por medio del parámetro langType en la función setLanguageCfg. Esta vulnerabilidad es explotable por medio de un paquete de datos MQTT diseñado • https://github.com/winmt/CVE/blob/main/TOTOLINK%20EX300_V2/README.md https://github.com/winmt/my-vuls/tree/main/TOTOLINK%20EX300_V2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.9EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43663
https://notcve.org/view.php?id=CVE-2021-43663
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. Se ha detectado que totolink EX300_v2 versión V4.0.3c.140_B20210429, contiene una vulnerabilidad de inyección de comandos por medio del componente cloudupdate_check • https://github.com/chibataiki/iot-vuls/blob/main/totolink/command-injection1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-43662
https://notcve.org/view.php?id=CVE-2021-43662
totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. totolink EX300_v2, versión V4.0.3c.140_B20210429 y A720R ,versión V4.1.5cu.470_B20200911, presentan un problema que causa un consumo no controlado de recursos • https://github.com/chibataiki/iot-vuls/blob/main/totolink/dos.md • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43661
https://notcve.org/view.php?id=CVE-2021-43661
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. Se ha detectado que totolink EX300_v2 versión V4.0.3c.140_B20210429, contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejada por medio del componente /home.asp • https://github.com/chibataiki/iot-vuls/blob/main/totolink/xss-vulnerability.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 1CVE-2021-43664
https://notcve.org/view.php?id=CVE-2021-43664
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. Se ha detectado que totolink EX300_v2 versión V4.0.3c.140_B20210429, contiene una vulnerabilidad de inyección de comandos por medio del componente process forceugpo • https://github.com/chibataiki/iot-vuls/blob/main/totolink/command-injection2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •