Vulnerabilities > Totolink

DATE CVE VULNERABILITY TITLE RISK
2024-01-26 CVE-2024-0944 Insufficient Session Expiration vulnerability in Totolink T8 Firmware 4.1.5Cu.83320220905
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905.
network
low complexity
totolink CWE-613
5.3
5.3
2024-01-25 CVE-2024-22529 Command Injection vulnerability in Totolink X2000R Firmware 2.0.0B20230727.10434
TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2024-01-24 CVE-2023-52038 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2024-01-24 CVE-2023-52039 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2024-01-24 CVE-2023-52040 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2024-01-23 CVE-2024-22660 Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg
network
low complexity
totolink CWE-787
critical
 9.8
9.8
2024-01-23 CVE-2024-22662 Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012
TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules
network
low complexity
totolink CWE-787
critical
 9.8
9.8
2024-01-23 CVE-2024-22663 Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2024-01-16 CVE-2023-52042 Unspecified vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.
network
low complexity
totolink
critical
 9.8
9.8
2024-01-16 CVE-2023-52041 Unspecified vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.
network
low complexity
totolink
critical
 9.8
9.8