Vulnerabilities > Totolink > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-30 | CVE-2024-24333 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. | 9.8 |
| 2024-01-29 | CVE-2024-1001 | Stack-based Buffer Overflow vulnerability in Totolink N200Re Firmware 9.3.5U.6139B20201216 A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. | 9.8 |
| 2024-01-25 | CVE-2024-22529 | Command Injection vulnerability in Totolink X2000R Firmware 2.0.0B20230727.10434 TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. | 9.8 |
| 2024-01-24 | CVE-2023-52038 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. | 9.8 |
| 2024-01-24 | CVE-2023-52039 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | 9.8 |
| 2024-01-24 | CVE-2023-52040 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. | 9.8 |
| 2024-01-23 | CVE-2024-22660 | Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012 TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg | 9.8 |
| 2024-01-23 | CVE-2024-22662 | Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012 TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules | 9.8 |
| 2024-01-23 | CVE-2024-22663 | Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012 TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg | 9.8 |
| 2024-01-16 | CVE-2023-52042 | Unspecified vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. | 9.8 |