Vulnerabilities > Totolink > Ex1200T Firmware

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2023-52032 Unspecified vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5232B20210713
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
network
low complexity
totolink
critical
9.8
2022-06-03 CVE-2021-42893 Missing Authentication for Critical Function vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.
network
low complexity
totolink CWE-306
7.5
2022-06-03 CVE-2021-42892 Use of Hard-coded Credentials vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.
network
low complexity
totolink CWE-798
4.3
2022-06-03 CVE-2021-42891 Missing Authentication for Critical Function vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.
network
low complexity
totolink CWE-306
7.5
2022-06-03 CVE-2021-42889 Missing Authentication for Critical Function vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.
network
low complexity
totolink CWE-306
7.5
2022-06-03 CVE-2021-42890 OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.
network
low complexity
totolink CWE-78
critical
9.8
2022-06-03 CVE-2021-42888 OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.
network
low complexity
totolink CWE-78
critical
9.8
2022-06-03 CVE-2021-42886 Information Exposure vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.
network
low complexity
totolink CWE-200
7.5
2022-06-03 CVE-2021-42887 Unspecified vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
network
low complexity
totolink
critical
9.8
2022-06-03 CVE-2021-42884 OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.
network
low complexity
totolink CWE-78
critical
9.8