Vulnerabilities > Totolink > X2000R Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-20 | CVE-2024-29419 | Cross-site Scripting vulnerability in Totolink X2000R Firmware 1.0.0B20221212.1452/1.0.0B20230221.0948/1.0.0B20230221.0948.Web There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. | 5.4 |
| 2024-03-15 | CVE-2024-28401 | Cross-site Scripting vulnerability in Totolink X2000R Firmware 1.0.0B20221212.1452/1.0.0B20230221.0948/1.0.0B20230221.0948.Web TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. | 5.4 |
| 2024-03-15 | CVE-2024-28403 | Cross-site Scripting vulnerability in Totolink X2000R Firmware 1.0.0B20221212.1452/1.0.0B20230221.0948/1.0.0B20230221.0948.Web TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page. | 5.4 |
| 2024-01-25 | CVE-2024-22529 | Command Injection vulnerability in Totolink X2000R Firmware 2.0.0B20230727.10434 TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. | 9.8 |
| 2024-01-16 | CVE-2024-0579 | Unspecified vulnerability in Totolink X2000R Firmware 1.0.0B20221212.1452 A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. | 9.8 |
| 2024-01-09 | CVE-2023-7222 | Out-of-bounds Write vulnerability in Totolink X2000R Firmware 1.0.0B20221212.1452 A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. | 9.8 |
| 2024-01-07 | CVE-2023-7208 | Out-of-bounds Write vulnerability in Totolink X2000R Firmware 2.0.0B20230727.10434 A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. | 9.8 |
| 2023-12-30 | CVE-2023-51133 | Out-of-bounds Write vulnerability in Totolink X2000R Firmware 1.0.0B20230221.0948.Web TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. | 9.8 |
| 2023-12-30 | CVE-2023-51135 | Out-of-bounds Write vulnerability in Totolink X2000R Firmware 1.0.0B20230221.0948.Web TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. | 9.8 |
| 2023-12-30 | CVE-2023-51136 | Out-of-bounds Write vulnerability in Totolink X2000R Firmware 1.0.0B20230221.0948.Web TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. | 9.8 |