Vulnerabilities > Totolink

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-28582 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
network
low complexity
totolink CWE-78
critical
9.8
2022-05-05 CVE-2022-28583 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
network
low complexity
totolink CWE-78
critical
9.8
2022-05-05 CVE-2022-28584 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
network
low complexity
totolink CWE-78
critical
9.8
2022-05-02 CVE-2020-23617 Cross-site Scripting vulnerability in Totolink N100Re Firmware and N200Re Firmware
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.
network
low complexity
totolink CWE-79
6.1
2022-03-31 CVE-2021-43661 Cross-site Scripting vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
network
low complexity
totolink CWE-79
6.1
2022-03-31 CVE-2021-43662 Allocation of Resources Without Limits or Throttling vulnerability in Totolink A720R Firmware and Ex300 V2 Firmware
totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.
low complexity
totolink CWE-770
6.5
2022-03-31 CVE-2021-43663 Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.
high complexity
totolink CWE-77
7.5
2022-03-30 CVE-2021-43664 Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo.
network
high complexity
totolink CWE-77
8.1
2022-03-30 CVE-2021-46006 Missing Authentication for Critical Function vulnerability in Totolink A3100R Firmware 5.9C.4577
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated.
network
low complexity
totolink CWE-306
6.5
2022-03-30 CVE-2021-46007 OS Command Injection vulnerability in Totolink Ar3100R Firmware 5.9C.4577
totolink a3100r V5.9c.4577 is vulnerable to os command injection.
network
low complexity
totolink CWE-78
critical
9.8