Vulnerabilities > Totolink > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-11-25 CVE-2022-44844 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-11-23 CVE-2022-44249 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-11-23 CVE-2022-44250 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-11-23 CVE-2022-44251 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-11-23 CVE-2022-44252 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-11-23 CVE-2022-44255 Out-of-bounds Write vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.
network
low complexity
totolink CWE-787
critical
 9.8
9.8
2022-10-06 CVE-2022-41522 Out-of-bounds Write vulnerability in Totolink Nr1800X Firmware 9.1.0U.6279B20210910
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function.
network
low complexity
totolink CWE-787
critical
 9.8
9.8
2022-10-06 CVE-2022-41525 OS Command Injection vulnerability in Totolink Nr1800X Firmware 9.1.0U.6279B20210910
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-10-06 CVE-2022-41518 OS Command Injection vulnerability in Totolink Nr1800X Firmware 9.1.0U.6279B20210910
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-09-29 CVE-2022-40475 OS Command Injection vulnerability in Totolink A860R Firmware 4.1.2Cu.5182B20201027
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.
network
low complexity
totolink CWE-78
critical
 9.8
9.8