CVE-2024-10966 – TOTOLINK X18 cstecgi.cgi OS command injection
https://notcve.org/view.php?id=CVE-2024-10966
07 Nov 2024 — A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Dreamy-elfland/240914 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-29798
https://notcve.org/view.php?id=CVE-2023-29798
14 Apr 2023 — TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. • https://sore-pail-31b.notion.site/Command-Injection-4-ea4969f635f54fe5b2f575e93443a4e0 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-29799
https://notcve.org/view.php?id=CVE-2023-29799
14 Apr 2023 — TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. • https://sore-pail-31b.notion.site/Command-Inject-6-3ee0faa243134ae2bc20e6670d80bada • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-29800
https://notcve.org/view.php?id=CVE-2023-29800
14 Apr 2023 — TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. • https://sore-pail-31b.notion.site/Command-Injection-5-e88b72309a3c4e20b7469b3679c0c7d9 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-29801
https://notcve.org/view.php?id=CVE-2023-29801
14 Apr 2023 — TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. • https://sore-pail-31b.notion.site/Command-Injection-2-af41252fe96244209589d4e6da9aa7b7 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-29802
https://notcve.org/view.php?id=CVE-2023-29802
14 Apr 2023 — TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. • https://sore-pail-31b.notion.site/Command-Injection-3-8eb94b608bcd48f8aa4e983d2d1c4526 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-29803
https://notcve.org/view.php?id=CVE-2023-29803
14 Apr 2023 — TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. • https://sore-pail-31b.notion.site/Command-Inject-1-4a37b0679f69478285d1ba640e5f0897 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')