CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2023-33487
https://notcve.org/view.php?id=CVE-2023-33487
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2023-33486
https://notcve.org/view.php?id=CVE-2023-33486
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-33485
https://notcve.org/view.php?id=CVE-2023-33485
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/5 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 96%CPEs: 3EXPL: 1CVE-2023-30013 – TOTOLINK Wireless Routers Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-30013
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. • http://packetstormsecurity.com/files/174799/TOTOLINK-Wireless-Routers-Remote-Command-Execution.html https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/2 https://attackerkb.com/topics/xnX3I3PEgM/cve-2023-30013 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •