Vulnerabilities > Totolink

DATE CVE VULNERABILITY TITLE RISK
2023-08-18 CVE-2023-4411 OS Command Injection vulnerability in Totolink Ex1200L Firmware 9.3.5U.6146B20201023
A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2023-08-08 CVE-2023-40041 Out-of-bounds Write vulnerability in Totolink T10 V2 Firmware 5.9C.5061B20200511
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so.
network
low complexity
totolink CWE-787
critical
 9.8
9.8
2023-08-08 CVE-2023-40042 Out-of-bounds Write vulnerability in Totolink T10 V2 Firmware 5.9C.5061B20200511
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so.
network
low complexity
totolink CWE-787
critical
 9.8
9.8
2023-07-17 CVE-2023-34669 Unspecified vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594
TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.
network
low complexity
totolink
7.5
7.5
2023-07-07 CVE-2023-37170 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2023-07-07 CVE-2023-37171 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2023-07-07 CVE-2023-37172 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2023-07-07 CVE-2023-37173 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2023-07-07 CVE-2023-37145 Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-07-07 CVE-2023-37146 Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8