CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0579 – Totolink X2000R formMapDelDevice command injection
https://notcve.org/view.php?id=CVE-2024-0579
16 Jan 2024 — A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/1/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-7222 – Totolink X2000R HTTP POST Request boa formTmultiAP buffer overflow
https://notcve.org/view.php?id=CVE-2023-7222
09 Jan 2024 — A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. • https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/formTmultiAP/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51133
https://notcve.org/view.php?id=CVE-2023-51133
30 Dec 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formRoute. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/26/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51135
https://notcve.org/view.php?id=CVE-2023-51135
30 Dec 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formPasswordSetup. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/29/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51136
https://notcve.org/view.php?id=CVE-2023-51136
30 Dec 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formRebootSchedule. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/28/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46540
https://notcve.org/view.php?id=CVE-2023-46540
25 Oct 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formNtp. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/11/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46541
https://notcve.org/view.php?id=CVE-2023-46541
25 Oct 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formIpv6Setup. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/10/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46542
https://notcve.org/view.php?id=CVE-2023-46542
25 Oct 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formMeshUploadConfig. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/13/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46543
https://notcve.org/view.php?id=CVE-2023-46543
25 Oct 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formWlSiteSurvey. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/16/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46544
https://notcve.org/view.php?id=CVE-2023-46544
25 Oct 2023 — TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl. Se descubrió que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web contenía un desbordamiento de pila a través de la función formWirelessTbl. • https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/14/1.md • CWE-787: Out-of-bounds Write •