Vulnerabilities > Totolink

DATE CVE VULNERABILITY TITLE RISK
2024-02-20 CVE-2024-1661 Use of Hard-coded Credentials vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719.
local
low complexity
totolink CWE-798
5.5
2024-01-30 CVE-2024-24324 Use of Hard-coded Credentials vulnerability in Totolink A8000Ru Firmware 7.1Cu.643B20200521
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
network
low complexity
totolink CWE-798
critical
9.8
2024-01-30 CVE-2024-24325 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-30 CVE-2024-24326 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-30 CVE-2024-24327 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-30 CVE-2024-24328 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-30 CVE-2024-24329 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-30 CVE-2024-24330 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-30 CVE-2024-24331 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-30 CVE-2024-24332 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
network
low complexity
totolink CWE-78
critical
9.8