Vulnerabilities > Totolink

DATE CVE VULNERABILITY TITLE RISK
2022-10-06 CVE-2022-41518 OS Command Injection vulnerability in Totolink Nr1800X Firmware 9.1.0U.6279B20210910
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-09-29 CVE-2022-40475 OS Command Injection vulnerability in Totolink A860R Firmware 4.1.2Cu.5182B20201027
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-09-16 CVE-2022-38823 Use of Hard-coded Credentials vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.
network
low complexity
totolink CWE-798
critical
 9.8
9.8
2022-09-16 CVE-2022-38826 OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-09-16 CVE-2022-38827 Classic Buffer Overflow vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi
network
low complexity
totolink CWE-120
critical
 9.8
9.8
2022-09-16 CVE-2022-38828 OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-09-15 CVE-2022-38534 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.
network
low complexity
totolink CWE-78
7.2
7.2
2022-09-15 CVE-2022-38535 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.
network
low complexity
totolink CWE-78
7.2
7.2
2022-09-14 CVE-2022-38308 OS Command Injection vulnerability in Totolink A7000Ru Firmware 7.4Cu.2313B20191024
TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-09-06 CVE-2022-37839 Classic Buffer Overflow vulnerability in Totolink A860R Firmware 4.1.2Cu.5182B20201027
TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi.
network
low complexity
totolink CWE-120
critical
 9.8
9.8