CVE-2024-0942 – Totolink N200RE V5 cstecgi.cgi session expiration
https://notcve.org/view.php?id=CVE-2024-0942
26 Jan 2024 — A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. • https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing • CWE-613: Insufficient Session Expiration
CVE-2022-46025
https://notcve.org/view.php?id=CVE-2022-46025
10 Jan 2024 — Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. • https://pastebin.com/aan5jT40 • CWE-284: Improper Access Control
CVE-2023-4746 – TOTOLINK N200RE V5 Validity_check format string
https://notcve.org/view.php?id=CVE-2023-4746
04 Sep 2023 — A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to a format string vulnerability. It is possible to initiate the attack remotely. The root cause of the vulnerability is a format string issue. • https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80 • CWE-134: Use of Externally-Controlled Format String
CVE-2022-48113
https://notcve.org/view.php?id=CVE-2022-48113
02 Feb 2023 — A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to log in as root via hardcoded credentials. • https://wefir.blogspot.com/2022/12/totolink-n200rev5-telnet-backdoor.html • CWE-798: Use of Hard-coded Credentials