Vulnerabilities > Totolink > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-18 CVE-2022-29639 Unspecified vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config.
network
high complexity
totolink
8.1
8.1
2022-05-18 CVE-2022-29640 Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules.
network
low complexity
totolink CWE-787
7.8
7.8
2022-05-18 CVE-2022-29641 Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules.
network
low complexity
totolink CWE-787
7.8
7.8
2022-05-18 CVE-2022-29642 Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules.
network
low complexity
totolink CWE-787
7.8
7.8
2022-05-18 CVE-2022-29643 Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos.
network
low complexity
totolink CWE-787
7.8
7.8
2022-03-31 CVE-2021-43663 Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. 		7.9
7.9
2022-03-30 CVE-2021-46008 Use of Hard-coded Credentials vulnerability in Totolink A3100R Firmware 5.9C.4577
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. 		7.9
7.9
2022-03-25 CVE-2021-43636 Classic Buffer Overflow vulnerability in Totolink T10 V2 Firmware 4.1.8Cu.5207B20210320
Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process.
network
low complexity
totolink CWE-120
7.5
7.5
2022-03-22 CVE-2022-26186 Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi.
network
low complexity
totolink CWE-77
7.5
7.5
2022-03-22 CVE-2022-26187 Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.
network
low complexity
totolink CWE-77
7.5
7.5