Vulnerabilities > Totolink > N200Re Firmware

DATE CVE VULNERABILITY TITLE RISK
2024-01-08 CVE-2024-0298 OS Command Injection vulnerability in Totolink N200Re Firmware 9.3.5U.6139B20201216
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-08 CVE-2024-0296 Unspecified vulnerability in Totolink N200Re Firmware 9.3.5U.6139B20201216
A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical.
network
low complexity
totolink
critical
9.8
2023-05-18 CVE-2023-2790 Unspecified vulnerability in Totolink N200Re Firmware 9.3.5U.6255B20211224
A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224.
local
low complexity
totolink
5.5
2022-05-02 CVE-2020-23617 Cross-site Scripting vulnerability in Totolink N100Re Firmware and N200Re Firmware
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.
network
low complexity
totolink CWE-79
6.1
2020-01-27 CVE-2019-19824 OS Command Injection vulnerability in Totolink products
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available.
network
low complexity
totolink CWE-78
8.8
2020-01-27 CVE-2019-19823 Insufficiently Protected Credentials vulnerability in multiple products
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file.
7.5
2020-01-27 CVE-2019-19822 Missing Authentication for Critical Function vulnerability in multiple products
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords).
7.5
2020-01-27 CVE-2019-19825 Improper Authentication vulnerability in Totolink products
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass.
network
low complexity
totolink CWE-287
critical
9.8