30 matches found
TOTOLink A7000R Security Vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the ssid parameter of the urldecode function failing...
CVE-2025-51452
In TOTOLINK A7000R firmware 9.1.0u.6115B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm...
CVE-2023-49417
TOTOLink A7000R V9.1.0u.6115B20201022 has a stack overflow vulnerability via setOpModeCfg...
CVE-2023-49418
TOTOLink A7000R V9.1.0u.6115B20201022 has a stack overflow vulnerability via setIpPortFilterRules...
CVE-2023-49418
TOTOLink A7000R, version 9.1.0u.6115_B20201022, contains a stack overflow in setIpPortFilterRules. Root cause: improper input handling in setIpPortFilterRules leading to stack overflow. Impact: as described across sources, could allow arbitrary code execution or cause denial of service; exploitat...
CVE-2023-49417
The CVE-2023-49417 entry concerns TOTOLink A7000R, version 9.1.0u.6115_B20201022, with a stack/stack buffer overflow in the setOpModeCfg function. Multiple connected sources describe a vulnerability where input length is not properly validated, enabling an attacker to potentially execute arbitrar...
CVE-2022-37084
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function...
CVE-2022-37082
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the hosttime parameter at the function NTPSyncWithHost...
CVE-2022-37081
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg...
Stack overflow
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg...
CVE-2022-37076
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile...
Stack overflow
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg...
CVE-2022-37084
The CVE-2022-37084 entry concerns TOTOLINK A7000R hardware running v9.1.0u.6115_B20201022. A stack overflow is triggered via the sPort parameter in the addEffect function. This is described across multiple sources (NVD and Red Hat), with a CVSS v3.1 base score of 7.8 (HIGH) and impact to confiden...
CVE-2022-37083
CVE-2022-37083 affects TOTOLINK A7000R (V9.1.0u.6115_B20201022). A command injection flaw exists via the ip parameter in setDiagnosisCfg. Impact per sources implies potential arbitrary command execution with high impact; CVSSv3.1 base score 7.8 (L, L, Phr, U). Exploitation status is not provided ...
CVE-2022-37083
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg...
CVE-2022-37081
CVE-2022-37081 affects TOTOLINK A7000R (version 9.1.0u.6115_B20201022). A command injection vulnerability exists in the API endpoint setting/setTracerouteCfg, exploitable via the command parameter. The NVD entry lists a CVSS v3.1 base score of 7.8 (HIGH) with Local attack vector, Low attack compl...
CVE-2022-37080
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg...
CVE-2022-37078
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg...