CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost...

10CVSS5.8AI score0.02463EPSS

In wildExploits1References4

RedhatCVE•added 2025/05/23 9:49 a.m.•5 views

CVE-2024-7171

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The...

8.8CVSS9.1AI score0.03086EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:46 a.m.•9 views

CVE-2024-25468

An issue in TOTOLINK X5000R V.9.1.0u.6369B20230113 allows a remote attacker to cause a denial of service via the hosttime parameter of the NTPSyncWithHost component...

7.5CVSS6.9AI score0.00927EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:6 a.m.•3 views

CVE-2024-7215

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hosttime leads to command injection. The attack may be launched remotely. The exploit has...

8.8CVSS7.6AI score0.03347EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:40 a.m.•13 views

CVE-2024-31807

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the hostTime parameter in the NTPSyncWithHost function...

9.8CVSS8.4AI score0.01368EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 5:0 a.m.•4 views

CVE-2023-51035

TOTOLINK EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface...

9.8CVSS7.3AI score0.01297EPSS

Exploits1

RedhatCVE•added 2025/05/23 4:59 a.m.•5 views

CVE-2023-51023

TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to arbitrary command execution in the ‘hosttime’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi...

9.8CVSS7.2AI score0.0097EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 1:5 a.m.•5 views

CVE-2022-28491

TOTOLink outdoor CPE CP900 V6.3c.566B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

9.8CVSS8.1AI score0.04663EPSS

Exploits1References1

BDU FSTEC•added 2025/05/23 12:0 a.m.•15 views

The vulnerability of the NTPSyncWithHost() function in Totolink’s microprogrammed router software allows a hacker to execute arbitrary code.

The vulnerability of the NTPSyncWithHost function in Totolink router microprogramming software is related to the failure to take measures to neutralize special elements of the hostTime parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS5.9AI score0.01052EPSS

Exploits1References3Affected Software6

RedhatCVE•added 2025/05/22 11:16 p.m.•4 views

CVE-2022-36479

TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a command injection vulnerability via the hosttime parameter in the function NTPSyncWithHost...

7.8CVSS8AI score0.01147EPSS

Exploits1References1

CNVD•added 2025/05/14 12:0 a.m.•2 views

TOTOLINK CA600-PoE NTPSyncWithHost Function Command Injection Vulnerability

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the NTPSyncWithHost function failing to properly filter construct command special characters, commands, etc. No detailed...

6.5CVSS6.9AI score0.00903EPSS

Exploits1References1

RedhatCVE•added 2025/05/03 1:28 a.m.•14 views

CVE-2025-44845

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.5CVSS8.5AI score0.00903EPSS

Exploits1References1

OSV•added 2025/05/01 5:15 p.m.•3 views

CVE-2025-44845

6.5CVSS6.1AI score0.00903EPSS

Exploits1References1

Cvelist•added 2025/05/01 12:0 a.m.•9 views

CVE-2025-44845

0.00903EPSS

Exploits1References1

CVE•added 2025/05/01 12:0 a.m.•56 views

CVE-2025-44845

CVE-2025-44845 affects TOTOLINK CA600-PoE V5.3c.6665_B20180820. The NTPSyncWithHost function is vulnerable via the hostTime parameter, allowing an attacker to execute arbitrary commands through a crafted request. Reported across multiple sources (NVD/Red Hat/CNVD) with the same vulnerability desc...

6.5CVSS7.9AI score0.00903EPSS

Exploits1References1Affected Software1

CNNVD•added 2025/05/01 12:0 a.m.•1 views

TOTOLINK CA600-PoE 安全漏洞

6.5CVSS7.5AI score0.00903EPSS

Exploits1References1

Positive Technologies•added 2025/05/01 12:0 a.m.•2 views

PT-2025-18666 · Totolink · Totolink Ca600-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820 Description: The issue is related to a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This allows attackers to execute arbitrary commands via a crafte...

6.5CVSS7.8AI score0.00903EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by