Vulnerabilities > Totolink > N200Re Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-08 | CVE-2024-0298 | OS Command Injection vulnerability in Totolink N200Re Firmware 9.3.5U.6139B20201216 A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. | 9.8 |
2024-01-08 | CVE-2024-0296 | Unspecified vulnerability in Totolink N200Re Firmware 9.3.5U.6139B20201216 A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. | 9.8 |
2023-05-18 | CVE-2023-2790 | Unspecified vulnerability in Totolink N200Re Firmware 9.3.5U.6255B20211224 A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. | 5.5 |
2022-05-02 | CVE-2020-23617 | Cross-site Scripting vulnerability in Totolink N100Re Firmware and N200Re Firmware A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. | 6.1 |
2020-01-27 | CVE-2019-19824 | OS Command Injection vulnerability in Totolink products On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. | 8.8 |
2020-01-27 | CVE-2019-19823 | Insufficiently Protected Credentials vulnerability in multiple products A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. | 7.5 |
2020-01-27 | CVE-2019-19822 | Missing Authentication for Critical Function vulnerability in multiple products A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). | 7.5 |
2020-01-27 | CVE-2019-19825 | Improper Authentication vulnerability in Totolink products On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. | 9.8 |