Totolink Totolink

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Totolink product.

Products by Totolink Sorted by Most Security Vulnerabilities since 2018

Totolink X6000r Firmware21 vulnerabilities

Totolink A3600r Firmware18 vulnerabilities

Totolink X2000r Firmware17 vulnerabilities

Totolink T8 Firmware14 vulnerabilities

Totolink X5000r Firmware12 vulnerabilities

Totolink A3300r Firmware9 vulnerabilities

Totolink A3700r Firmware7 vulnerabilities

Totolink Ex1200l Firmware6 vulnerabilities

Totolink Ex1800t Firmware6 vulnerabilities

Totolink A3100r Firmware4 vulnerabilities

Totolink N350rt Firmware3 vulnerabilities

Totolink A3002r Firmware2 vulnerabilities

Totolink Cp450 Firmware2 vulnerabilities

Totolink Cp900 Firmware2 vulnerabilities

Totolink Ex200 Firmware2 vulnerabilities

Totolink Lr1200 Firmware2 vulnerabilities

Totolink A7000r Firmware2 vulnerabilities

Totolink Lr350 Firmware2 vulnerabilities

Totolink T10 Firmware2 vulnerabilities

Totolink A6000r Firmware1 vulnerability

Totolink X18 Firmware1 vulnerability

Totolink A720r Firmware1 vulnerability

Totolink A7100ru Firmware1 vulnerability

Totolink A3000ru Firmware1 vulnerability

Totolink Cp300 Firmware1 vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Totolink. Last year, in 2024 Totolink had 98 security vulnerabilities published. Right now, Totolink is on track to have less security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 98 9.00
2023 44 9.64
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Totolink vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Totolink Security Vulnerabilities

TOTOLINK EX1800T Stack-Based Buffer Overflow in cstecgi.cgi

CVE-2024-12352 9.8 - Critical - December 09, 2024

A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Memory Corruption

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering

CVE-2024-52723 9.8 - Critical - November 22, 2024

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

Shell injection

TOTOLINK X18 OS Command Injection via cstecgi.cgi - November 2024

CVE-2024-10966 8.8 - High - November 07, 2024

A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Shell injection

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207

CVE-2024-9001 8.8 - High - September 19, 2024

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function

CVE-2024-46419 9.8 - Critical - September 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.

Classic Buffer Overflow

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function

CVE-2024-46451 9.8 - Critical - September 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.

Classic Buffer Overflow

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which

CVE-2024-46424 7.5 - High - September 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter.

Classic Buffer Overflow

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5

CVE-2024-8869 8.1 - High - September 15, 2024

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220

CVE-2024-8580 8.1 - High - September 08, 2024

A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Password

A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220

CVE-2024-8579 9.8 - Critical - September 08, 2024

A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220

CVE-2024-8578 8.8 - High - September 08, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical

CVE-2024-8575 8.8 - High - September 08, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical

CVE-2024-8574 8.8 - High - September 08, 2024

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207

CVE-2024-8573 8.8 - High - September 08, 2024

A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow

CVE-2024-34195 9.8 - Critical - August 28, 2024

TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.

Memory Corruption

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207

CVE-2024-8162 9.8 - Critical - August 26, 2024

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Credentials

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228

CVE-2024-8079 9.8 - Critical - August 22, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228

CVE-2024-8078 9.8 - Critical - August 22, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228

CVE-2024-8077 9.8 - Critical - August 22, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical

CVE-2024-8076 9.8 - Critical - August 22, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical

CVE-2024-8075 9.8 - Critical - August 22, 2024

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical

CVE-2024-7909 9.8 - Critical - August 18, 2024

A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023

CVE-2024-7908 9.8 - Critical - August 18, 2024

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719

CVE-2024-7907 9.8 - Critical - August 18, 2024

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309

CVE-2024-42967 9.8 - Critical - August 15, 2024

Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216

CVE-2024-42966 9.8 - Critical - August 15, 2024

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.

In TOTOLINK X5000r v9.1.0cu.2350_b20230313

CVE-2024-42739 8.8 - High - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg

CVE-2024-42738 8.8 - High - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist

CVE-2024-42737 8.8 - High - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg

CVE-2024-42748 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg

CVE-2024-42747 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg

CVE-2024-42745 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313

CVE-2024-42744 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg

CVE-2024-42743 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313

CVE-2024-42742 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313

CVE-2024-42741 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.

CVE-2024-42547 9.8 - Critical - August 12, 2024

TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.

Classic Buffer Overflow

TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.

CVE-2024-42546 9.8 - Critical - August 12, 2024

TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.

Classic Buffer Overflow

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.

CVE-2024-42545 9.8 - Critical - August 12, 2024

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.

Classic Buffer Overflow

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.

CVE-2024-42543 9.8 - Critical - August 12, 2024

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.

Classic Buffer Overflow

TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa

CVE-2024-42520 9.8 - Critical - August 12, 2024

TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.

Classic Buffer Overflow

A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224

CVE-2024-7465 9.8 - Critical - August 05, 2024

A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566

CVE-2024-7464 9.8 - Critical - August 05, 2024

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273557 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566

CVE-2024-7463 9.8 - Critical - August 05, 2024

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216

CVE-2024-7462 9.8 - Critical - August 05, 2024

A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023

CVE-2024-7338 8.8 - High - August 01, 2024

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023

CVE-2024-7337 8.8 - High - August 01, 2024

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211

CVE-2024-7336 8.8 - High - August 01, 2024

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211

CVE-2024-7335 8.8 - High - August 01, 2024

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023

CVE-2024-7334 8.8 - High - August 01, 2024

A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216

CVE-2024-7333 8.8 - High - August 01, 2024

A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224

CVE-2024-7332 9.8 - Critical - August 01, 2024

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Credentials

A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical

CVE-2024-7331 8.8 - High - August 01, 2024

A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884

CVE-2024-7217 8.8 - High - July 30, 2024

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832

CVE-2024-7216 5.3 - Medium - July 30, 2024

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Password

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical

CVE-2024-7215 8.8 - High - July 30, 2024

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272786 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical

CVE-2024-7214 8.8 - High - July 30, 2024

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504

CVE-2024-7213 8.8 - High - July 30, 2024

A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504. Affected is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272784. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504

CVE-2024-7212 8.8 - High - July 30, 2024

A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272783. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7187 8.8 - High - July 29, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272608. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7186 8.8 - High - July 29, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272607. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical

CVE-2024-7185 8.8 - High - July 29, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272606 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical

CVE-2024-7184 8.8 - High - July 29, 2024

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7183 8.8 - High - July 29, 2024

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7182 8.8 - High - July 29, 2024

A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7181 8.8 - High - July 29, 2024

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7180 8.8 - High - July 29, 2024

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7179 8.8 - High - July 29, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument startTime/endTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7178 8.8 - High - July 29, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. Affected by this vulnerability is the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272599. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7177 8.8 - High - July 29, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical

CVE-2024-7176 8.8 - High - July 29, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This issue affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272597 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical

CVE-2024-7175 8.8 - High - July 29, 2024

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272596. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7174 8.8 - High - July 29, 2024

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setdeviceName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument deviceMac/deviceName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272595. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7173 8.8 - High - July 29, 2024

A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password/http_host leads to buffer overflow. The attack may be launched remotely. VDB-272594 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7172 8.8 - High - July 28, 2024

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this vulnerability is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272593 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7171 8.8 - High - July 28, 2024

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

A vulnerability was found in TOTOLINK A3000RU 5.9c.5185

CVE-2024-7170 8.8 - High - July 28, 2024

A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Credentials

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513

CVE-2024-7160 8.8 - High - July 28, 2024

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102

CVE-2024-7159 8.8 - High - July 28, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Password

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504

CVE-2024-7158 8.8 - High - July 28, 2024

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272572. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504

CVE-2024-7157 8.8 - High - July 28, 2024

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic

CVE-2024-7156 7.5 - High - July 28, 2024

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic

CVE-2024-7155 4.7 - Medium - July 28, 2024

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Credentials

A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513

CVE-2024-7154 7.5 - High - July 28, 2024

A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Missing Authentication for Critical Function

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability

CVE-2024-41319 9.8 - Critical - July 23, 2024

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.

Command Injection

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow

CVE-2024-37635 9.8 - Critical - June 13, 2024

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg

Classic Buffer Overflow

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow

CVE-2024-37632 9.8 - Critical - June 13, 2024

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .

Classic Buffer Overflow

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719

CVE-2024-2353 8.8 - High - March 10, 2024

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719

CVE-2024-1661 5.5 - Medium - February 20, 2024

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Credentials

An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113

CVE-2024-25468 7.5 - High - February 17, 2024

An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.

Shell injection

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability

CVE-2024-24328 9.8 - Critical - January 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.

Shell injection

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability

CVE-2024-24326 9.8 - Critical - January 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.

Shell injection

An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719

CVE-2023-52040 9.8 - Critical - January 24, 2024

An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.

Command Injection

An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719

CVE-2023-52042 9.8 - Critical - January 16, 2024

An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.

TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-52026 9.8 - Critical - January 12, 2024

TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability

CVE-2024-23057 9.8 - Critical - January 11, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.

Shell injection

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability

CVE-2024-23058 9.8 - Critical - January 11, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.

Shell injection

Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control

CVE-2022-46025 9.1 - Critical - January 10, 2024

Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page.

TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the enable parameter of the setDmzCfg interface of the cstecgi .cgi

CVE-2023-51015 9.8 - Critical - December 22, 2023

TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the enable parameter of the setDmzCfg interface of the cstecgi .cgi

TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution

CVE-2023-51034 9.8 - Critical - December 22, 2023

TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.

Unrestricted File Upload

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.