CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2024-0942 – Totolink N200RE V5 cstecgi.cgi session expiration
https://notcve.org/view.php?id=CVE-2024-0942
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. • https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing https://vuldb.com/?ctiid.252186 https://vuldb.com/?id.252186 https://vuldb.com/?submit.269679 https://youtu.be/b0tU2CiLbnU • CWE-613: Insufficient Session Expiration •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46025
https://notcve.org/view.php?id=CVE-2022-46025
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. Totolink N200RE_V5 V9.3.5u.6255_B20211224 es vulnerable a un control de acceso incorrecto. El dispositivo permite a atacantes remotos obtener información del sistema Wi-Fi, como el SSID y la contraseña de Wi-Fi, sin iniciar sesión en la página de administración. • https://pastebin.com/aan5jT40 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-4746 – TOTOLINK N200RE V5 Validity_check format string
https://notcve.org/view.php?id=CVE-2023-4746
A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. • https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80 https://vuldb.com/?ctiid.238635 https://vuldb.com/?id.238635 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 1CVE-2022-48113
https://notcve.org/view.php?id=CVE-2022-48113
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. • https://wefir.blogspot.com/2022/12/totolink-n200rev5-telnet-backdoor.html • CWE-798: Use of Hard-coded Credentials •