Vulnerabilities > Totolink > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-30 CVE-2021-46009 Missing Authentication for Critical Function vulnerability in Totolink A3100R Firmware 5.9C.4577
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication.
network
low complexity
totolink CWE-306
critical
9.8
2022-03-25 CVE-2021-43636 Classic Buffer Overflow vulnerability in Totolink T10 V2 Firmware 4.1.8Cu.5207B20210320
Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process.
network
low complexity
totolink CWE-120
critical
9.8
2022-03-22 CVE-2022-26186 Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi.
network
low complexity
totolink CWE-77
critical
9.8
2022-03-22 CVE-2022-26187 Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.
network
low complexity
totolink CWE-77
critical
9.8
2022-03-22 CVE-2022-26188 Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost.
network
low complexity
totolink CWE-77
critical
9.8
2022-03-22 CVE-2022-26189 Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface.
network
low complexity
totolink CWE-77
critical
9.8
2022-03-15 CVE-2022-26206 OS Command Injection vulnerability in Totolink products
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter.
network
low complexity
totolink CWE-78
critical
9.8
2022-03-15 CVE-2022-26207 OS Command Injection vulnerability in Totolink products
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter.
network
low complexity
totolink CWE-78
critical
9.8
2022-03-15 CVE-2022-26208 OS Command Injection vulnerability in Totolink products
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter.
network
low complexity
totolink CWE-78
critical
9.8
2022-03-15 CVE-2022-26209 OS Command Injection vulnerability in Totolink products
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter.
network
low complexity
totolink CWE-78
critical
9.8