Vulnerabilities > Totolink > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2021-45733 | Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. | 10.0 |
| 2022-02-04 | CVE-2021-45738 | Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. | 10.0 |
| 2022-02-04 | CVE-2021-45740 | Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911 TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. | 9.8 |
| 2022-02-04 | CVE-2021-45742 | Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911 TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. | 10.0 |
| 2020-12-09 | CVE-2020-25499 | Command Injection vulnerability in Totolink products TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. | 9.0 |
| 2020-11-24 | CVE-2015-9551 | Unspecified vulnerability in Totolink products An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. | 10.0 |
| 2018-11-27 | CVE-2018-13316 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. | 10.0 |
| 2018-11-27 | CVE-2018-13314 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | 10.0 |
| 2018-11-27 | CVE-2018-13307 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. | 10.0 |
| 2018-11-27 | CVE-2018-13306 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | 10.0 |