Vulnerabilities > Totolink

DATE CVE VULNERABILITY TITLE RISK
2022-05-10 CVE-2022-28907 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.
network
low complexity
totolink CWE-78
critical
9.8
2022-05-10 CVE-2022-28908 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.
network
low complexity
totolink CWE-78
critical
9.8
2022-05-10 CVE-2022-28909 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.
network
low complexity
totolink CWE-78
critical
9.8
2022-05-10 CVE-2022-28910 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.
network
low complexity
totolink CWE-78
critical
9.8
2022-05-10 CVE-2022-28911 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.
network
low complexity
totolink CWE-78
critical
9.8
2022-05-10 CVE-2022-28912 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.
network
low complexity
totolink CWE-78
critical
9.8
2022-05-10 CVE-2022-28913 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.
network
low complexity
totolink CWE-78
critical
9.8
2022-05-05 CVE-2022-27411 Unspecified vulnerability in Totolink N600R Firmware 5.3C.5507B20171031
TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function.
network
low complexity
totolink
critical
9.8
2022-05-05 CVE-2022-28575 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload
network
low complexity
totolink CWE-78
critical
9.8
2022-05-05 CVE-2022-28577 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
network
low complexity
totolink CWE-78
critical
9.8