Vulnerabilities > Totolink > A3700R Firmware

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2023-52027 Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.
network
low complexity
totolink CWE-77
critical
9.8
2024-01-11 CVE-2023-52028 Unspecified vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.
network
low complexity
totolink
critical
9.8
2024-01-11 CVE-2023-52029 Unspecified vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function.
network
low complexity
totolink
critical
9.8
2024-01-11 CVE-2023-52030 Unspecified vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.
network
low complexity
totolink
critical
9.8
2024-01-11 CVE-2023-52031 Unspecified vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.
network
low complexity
totolink
critical
9.8
2023-12-22 CVE-2023-50147 OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.
network
low complexity
totolink CWE-78
critical
9.8
2023-11-20 CVE-2023-48192 Code Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.
local
low complexity
totolink CWE-94
7.8
2023-10-25 CVE-2023-46574 Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.
network
low complexity
totolink CWE-77
critical
9.8
2023-09-25 CVE-2023-43141 Unspecified vulnerability in Totolink A3700R Firmware and N600R Firmware
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
network
low complexity
totolink
critical
9.8
2022-08-25 CVE-2022-36458 OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202
TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.
local
low complexity
totolink CWE-78
7.8