Lucene search
+L

62 matches found

cnvd
cnvd
added 2023/08/24 12:0 a.m.4 views

TOTOLINK X5000R setLanguageCfg Function Code Execution Vulnerability

TOTOLINK X5000R is a wireless router from TOTOLINK that supports Wi-Fi 6 technology with full coverage Mesh system and dual band transmission. The TOTOLINK X5000R suffers from a code execution vulnerability that stems from the lang parameter of the setLanguageCfg function failing to properly filt...

9.8CVSS8.2AI score0.01391EPSS
Exploits1References1
osv
osv
added 2023/08/21 2:15 a.m.5 views

CVE-2023-39617

TOTOLINK X5000RV9.1.0cu.2089B20211224 and X5000RV9.1.0cu.2350B20230313 were discovered to contain a remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...

9.8CVSS6.3AI score
Exploits0References1
cnvd
cnvd
added 2023/07/11 12:0 a.m.5 views

TOTOLINK A3300R setLanguageCfg Method Code Execution Vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A code execution vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the lang parameter of the setLanguageCfg method failing...

9.8CVSS7.7AI score0.01675EPSS
Exploits1References1
cnnvd
cnnvd
added 2023/07/07 12:0 a.m.7 views

TOTOLINK A3300R 操作系统命令注入漏洞

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A code execution vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the lang parameter of the setLanguageCfg method failing...

9.8CVSS7.6AI score0.01675EPSS
Exploits1References2
cnvd
cnvd
added 2022/11/25 12:0 a.m.3 views

TOTOLINK LR350 setLanguageCfg Function Buffer Overflow Vulnerability

TOTOLINK LR350 is a 4G LTE router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. A buffer overflow vulnerability exists in the TOTOLINK LR350. The vulnerability stems from a buffer overflow after validation via the...

8.8CVSS8.4AI score0.0211EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/11/23 12:0 a.m.5 views

TOTOLINK LR350 缓冲区错误漏洞

TOTOLINK LR350 is a 4G LTE router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. A buffer overflow vulnerability exists in the TOTOLINK LR350. The vulnerability stems from a buffer overflow after validation via the...

8.8CVSS8.3AI score0.0211EPSS
Exploits1References2
cnnvd
cnnvd
added 2022/10/06 12:0 a.m.7 views

TOTOLINK NR1800X 缓冲区错误漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. A buffer overflow vulnerability exists in TOTOLINK NR1800X version V9.1.0u.6279B20210910, which stems from the lack...

8.8CVSS7.8AI score0.00848EPSS
Exploits1References2
cnnvd
cnnvd
added 2022/08/25 12:0 a.m.4 views

TOTOLINK A3700R 缓冲区错误漏洞

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A3700R version V9.1.2u.6134B20201202, which stems from a stack overflow in the lang parameter of the setLanguageCfg method...

7.8CVSS5.5AI score0.00304EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2022/08/25 12:0 a.m.6 views

PT-2022-23792 · Totolink · Totolink A7000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R version 9.1.0u.6115 B20201022 Description: A command injection issue was found via the lang parameter at the "/setting/setLanguageCfg" API endpoint. This allows for potential command injection attacks. Recommendations: For...

7.8CVSS7.7AI score0.00932EPSS
Exploits1References3
cnnvd
cnnvd
added 2022/08/25 12:0 a.m.5 views

TOTOLINK A7000R 缓冲区错误漏洞

The TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK. A buffer error vulnerability exists in TOTOLINK A7000R version V9.1.0u.6115B20201022, which stems from a command injection issue with the addEffect parameter in the /setting/setLanguageCfg location...

7.8CVSS5.8AI score0.00932EPSS
Exploits1References2
osv
osv
added 2022/07/07 7:15 p.m.3 views

CVE-2022-32449

TOTOLINK EX300V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet...

9.8CVSS5.8AI score0.18433EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/07/01 10:15 p.m.4 views

CVE-2022-32411

An issue in the languages config file of HongCMS v3.0 allows attackers to getshell...

7.2CVSS7.1AI score0.00863EPSS
Exploits1References2
cnnvd
cnnvd
added 2022/07/01 12:0 a.m.7 views

HongCMS 安全漏洞

HongCMS is an open source lightweight content management system CMS. A security vulnerability exists in HongCMS v3.0 that stems from an issue in the language configuration file that allows an attacker to obtain a shell...

7.2CVSS7.1AI score0.00863EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/06/03 2:15 p.m.2 views

CVE-2021-42888

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack...

9.8CVSS7.4AI score0.01876EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2022/05/10 12:0 a.m.7 views

PT-2022-19301 · Totolink · Totolink N600R

Name of the Vulnerable Software and Affected Versions: TOTOLink N600R version V5.3c.7159 B20190425 Description: A command injection issue was discovered via the langtype parameter in the "/setting/setLanguageCfg" API endpoint. This allows for potential command execution. No information is provide...

10CVSS9.6AI score0.02492EPSS
Exploits1References4
cnnvd
cnnvd
added 2022/05/10 12:0 a.m.5 views

TOTOLINK N600R 操作系统命令注入漏洞

TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK Electronics, Inc. A command injection vulnerability exists in TOTOLINK N600R, which can be exploited by attackers to conduct command injection attacks via the lagtype parameter in /setting/setLanguageCfg...

10CVSS8.4AI score0.02492EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2022/03/15 12:0 a.m.5 views

PT-2022-17721 · Totolink · Totolink A3100R +5

Name of the Vulnerable Software and Affected Versions: Totolink A830R version 5.9c.4729 B20191112 Totolink A3100R version 4.1.2cu.5050 B20200504 Totolink A950RG version 4.1.2cu.5161 B20200903 Totolink A800R version 4.1.2cu.5137 B20200730 Totolink A3000RU version 5.9c.5185 B20201128 Totolink A810R...

9.8CVSS9.8AI score0.0224EPSS
Exploits1References3
bdu_fstec
bdu_fstec
added 2021/07/13 12:0 a.m.11 views

The vulnerability of the microprogrammed software of Western Digital’s WD My Book Live and WD My Book Live Duo storage devices arises from the failure to eliminate the special components used in the operating system commands. This vulnerability allows a perpetrator to execute arbitrary commands.

The vulnerability of the microprogrammed software for Western Digital WD My Book Live and WD My Book Live Duo exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute...

10CVSS7.8AI score0.30284EPSS
Exploits0References3
nvd
nvd
added 2019/06/19 4:15 p.m.21 views

CVE-2018-18472

Western Digital WD My Book Live and WD My Book Live Duo all versions have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/languageconfiguration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the...

10CVSS7.9AI score0.30284EPSS
Exploits0References3
prion
prion
added 2019/06/19 4:15 p.m.26 views

Design/Logic Flaw

Western Digital WD My Book Live and WD My Book Live Duo all versions have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/languageconfiguration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the...

10CVSS7.8AI score0.30284EPSS
Exploits0References3
Rows per page
Query Builder