Vulnerabilities > Totolink
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-30 | CVE-2023-48806 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
2023-11-30 | CVE-2023-48807 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
2023-11-30 | CVE-2023-48808 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
2023-11-30 | CVE-2023-48810 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
2023-11-30 | CVE-2023-48811 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
2023-11-30 | CVE-2023-48812 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
2023-11-20 | CVE-2023-48192 | Code Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. | 7.8 |
2023-10-31 | CVE-2023-46484 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. | 9.8 |
2023-10-31 | CVE-2023-46485 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. | 9.8 |
2023-10-31 | CVE-2023-46992 | Unspecified vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. | 7.5 |