62 matches found
TOTOLINK X5000R setLanguageCfg Function Code Execution Vulnerability
TOTOLINK X5000R is a wireless router from TOTOLINK that supports Wi-Fi 6 technology with full coverage Mesh system and dual band transmission. The TOTOLINK X5000R suffers from a code execution vulnerability that stems from the lang parameter of the setLanguageCfg function failing to properly filt...
CVE-2023-39617
TOTOLINK X5000RV9.1.0cu.2089B20211224 and X5000RV9.1.0cu.2350B20230313 were discovered to contain a remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...
TOTOLINK A3300R setLanguageCfg Method Code Execution Vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A code execution vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the lang parameter of the setLanguageCfg method failing...
TOTOLINK A3300R 操作系统命令注入漏洞
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A code execution vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the lang parameter of the setLanguageCfg method failing...
TOTOLINK LR350 setLanguageCfg Function Buffer Overflow Vulnerability
TOTOLINK LR350 is a 4G LTE router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. A buffer overflow vulnerability exists in the TOTOLINK LR350. The vulnerability stems from a buffer overflow after validation via the...
TOTOLINK LR350 缓冲区错误漏洞
TOTOLINK LR350 is a 4G LTE router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. A buffer overflow vulnerability exists in the TOTOLINK LR350. The vulnerability stems from a buffer overflow after validation via the...
TOTOLINK NR1800X 缓冲区错误漏洞
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. A buffer overflow vulnerability exists in TOTOLINK NR1800X version V9.1.0u.6279B20210910, which stems from the lack...
TOTOLINK A3700R 缓冲区错误漏洞
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A3700R version V9.1.2u.6134B20201202, which stems from a stack overflow in the lang parameter of the setLanguageCfg method...
PT-2022-23792 · Totolink · Totolink A7000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R version 9.1.0u.6115 B20201022 Description: A command injection issue was found via the lang parameter at the "/setting/setLanguageCfg" API endpoint. This allows for potential command injection attacks. Recommendations: For...
TOTOLINK A7000R 缓冲区错误漏洞
The TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK. A buffer error vulnerability exists in TOTOLINK A7000R version V9.1.0u.6115B20201022, which stems from a command injection issue with the addEffect parameter in the /setting/setLanguageCfg location...
CVE-2022-32449
TOTOLINK EX300V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet...
CVE-2022-32411
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell...
HongCMS 安全漏洞
HongCMS is an open source lightweight content management system CMS. A security vulnerability exists in HongCMS v3.0 that stems from an issue in the language configuration file that allows an attacker to obtain a shell...
CVE-2021-42888
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack...
PT-2022-19301 · Totolink · Totolink N600R
Name of the Vulnerable Software and Affected Versions: TOTOLink N600R version V5.3c.7159 B20190425 Description: A command injection issue was discovered via the langtype parameter in the "/setting/setLanguageCfg" API endpoint. This allows for potential command execution. No information is provide...
TOTOLINK N600R 操作系统命令注入漏洞
TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK Electronics, Inc. A command injection vulnerability exists in TOTOLINK N600R, which can be exploited by attackers to conduct command injection attacks via the lagtype parameter in /setting/setLanguageCfg...
PT-2022-17721 · Totolink · Totolink A3100R +5
Name of the Vulnerable Software and Affected Versions: Totolink A830R version 5.9c.4729 B20191112 Totolink A3100R version 4.1.2cu.5050 B20200504 Totolink A950RG version 4.1.2cu.5161 B20200903 Totolink A800R version 4.1.2cu.5137 B20200730 Totolink A3000RU version 5.9c.5185 B20201128 Totolink A810R...
The vulnerability of the microprogrammed software of Western Digital’s WD My Book Live and WD My Book Live Duo storage devices arises from the failure to eliminate the special components used in the operating system commands. This vulnerability allows a perpetrator to execute arbitrary commands.
The vulnerability of the microprogrammed software for Western Digital WD My Book Live and WD My Book Live Duo exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute...
CVE-2018-18472
Western Digital WD My Book Live and WD My Book Live Duo all versions have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/languageconfiguration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the...
Design/Logic Flaw
Western Digital WD My Book Live and WD My Book Live Duo all versions have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/languageconfiguration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the...