Filtered by vendor Totolink
Subscribe
Total
514 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26214 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter. | |||||
| CVE-2022-44250 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | |||||
| CVE-2022-44249 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | |||||
| CVE-2022-48066 | 1 Totolink | 2 A830r, A830r Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. | |||||
| CVE-2022-26211 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26209 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2021-42893 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. | |||||
| CVE-2022-44251 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | |||||
| CVE-2022-27005 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-27003 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-38828 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi | |||||
| CVE-2022-37078 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. | |||||
| CVE-2021-42888 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | |||||
| CVE-2022-36486 | 1 Totolink | 2 N350rt, N350rt Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | |||||
| CVE-2022-28494 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26206 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-32046 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. | |||||
| CVE-2022-46634 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. | |||||
| CVE-2022-25082 | 1 Totolink | 2 A950rg, A950rg Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-48126 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. | |||||