Vulnerabilities > Totolink > T6 Firmware > 4.1.5cu.709.b20210518

DATE CVE VULNERABILITY TITLE RISK
2022-09-16 CVE-2022-38823 Use of Hard-coded Credentials vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.
network
low complexity
totolink CWE-798
critical
 9.8
9.8
2022-09-16 CVE-2022-38826 OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-09-16 CVE-2022-38827 Classic Buffer Overflow vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi
network
low complexity
totolink CWE-120
critical
 9.8
9.8
2022-09-16 CVE-2022-38828 OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi
network
low complexity
totolink CWE-78
critical
 9.8
9.8