CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32327
https://notcve.org/view.php?id=CVE-2024-32327
18 Apr 2024 — TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el reenvío de puertos en la página de firewall. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/N300RT/XSS_5_Port_Forwarding/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32332
https://notcve.org/view.php?id=CVE-2024-32332
18 Apr 2024 — TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de Cross Site Scripting (XSS) en la configuración de WDS en la página inalámbrica. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/N300RT/XSS_1_WDS_Settings/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32333
https://notcve.org/view.php?id=CVE-2024-32333
18 Apr 2024 — TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el filtrado MAC en la página de firewall. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/N300RT/XSS_3_MAC_Filtering/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32334
https://notcve.org/view.php?id=CVE-2024-32334
18 Apr 2024 — TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el filtrado de IP/puerto en la página de firewall. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/N300RT/XSS_4_IP_Port_Filtering/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32335
https://notcve.org/view.php?id=CVE-2024-32335
18 Apr 2024 — TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el control de acceso en la página inalámbrica. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/N300RT/XSS_2_Access_Control/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-48860
https://notcve.org/view.php?id=CVE-2023-48860
07 Dec 2023 — TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code. TOTOLINK N300RT versión 3.2.4-B20180730.0906 tiene un RCE de autenticación posterior debido a un control de acceso incorrecto, lo que permite a los atacantes eludir las restricciones de seguridad del front-end y ejecutar código arbitrario. • https://github.com/xieqiang11/security_research/blob/main/TOTOLINK-N300RT-RCE.md •
CVSS: 9.0EPSS: 0%CPEs: 26EXPL: 1CVE-2020-25499
https://notcve.org/view.php?id=CVE-2020-25499
09 Dec 2020 — TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router. TOTOLINK A3002RU-V2.0.0 versión B20190814.1034, permite a usuarios remotos autenticados modificar el "Run Command" del sistema. Un atacante puede usar esta funcionalidad para ejecutar comandos arbitrarios del sistema operativo en el enrutador • https://github.com/kdoos/Vulnerabilities/blob/main/RCE_TOTOLINK-A3002RU-V2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2015-9550
https://notcve.org/view.php?id=CVE-2015-9550
24 Nov 2020 — An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. Se detectó un problema en los dispositivos TOTOLINK A850R-V1 versiones hasta 1.0.1-B20150707.1612 y F1-V2 versiones hasta 1.1-B20150708.1646. Mediante el envío de un paquete hel,xasf específico hacia la interfaz WAN, es posible abrir la interfaz de admi... • https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 10.0EPSS: 1%CPEs: 16EXPL: 1CVE-2015-9551
https://notcve.org/view.php?id=CVE-2015-9551
24 Nov 2020 — An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter. Se detectó un problema en los dispositivos TOTOLINK A850R-V1 versiones hasta 1.0.1-B20150707.1612 y F1-V2 versiones hasta 1.1-B20150708.1646. Se presenta una Ejecución de Código Remota en la interfaz de administración por medio del parámetro formSysCmd sysCmd • https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 1CVE-2019-19825 – Realtek SDK Information Disclosure / Code Execution
https://notcve.org/view.php?id=CVE-2019-19825
24 Jan 2020 — On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT t... • http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html • CWE-287: Improper Authentication •