Vulnerabilities > Totolink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-31 | CVE-2023-46992 | Unspecified vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. | 7.5 |
| 2023-10-31 | CVE-2023-46978 | Missing Authentication for Critical Function vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. | 7.5 |
| 2023-10-16 | CVE-2023-45985 | Out-of-bounds Write vulnerability in Totolink A7000R Firmware and X5000R Firmware TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. | 7.5 |
| 2023-09-04 | CVE-2023-4746 | Use of Externally-Controlled Format String vulnerability in Totolink N200Re-V5 Firmware 9.3.5U.6437B20230519 A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. | 8.8 |
| 2023-07-17 | CVE-2023-34669 | Unspecified vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594 TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | 7.5 |
| 2023-05-31 | CVE-2023-33485 | Out-of-bounds Write vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102/9.1.0U.6369B20230113 TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | 8.8 |
| 2023-02-03 | CVE-2023-24147 | Use of Hard-coded Credentials vulnerability in Totolink Ca300-Poe Firmware 6.2C.884 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini. | 7.5 |
| 2023-01-27 | CVE-2022-48069 | OS Command Injection vulnerability in Totolink A830R Firmware 4.1.2Cu.5182 Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. | 7.5 |
| 2022-11-23 | CVE-2022-44253 | Out-of-bounds Write vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. | 8.8 |
| 2022-11-23 | CVE-2022-44254 | Out-of-bounds Write vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. | 8.8 |