CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

227 matches found

RedhatCVE•added 2025/04/26 5:10 a.m.•12 views

CVE-2025-28034

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function...

9.8CVSS7.5AI score0.01052EPSS

Exploits1References1

OSV•added 2025/04/22 2:15 p.m.•1 views

CVE-2025-28034

9.8CVSS5.9AI score0.01052EPSS

Exploits1References2

NVD•added 2025/04/22 2:15 p.m.•15 views

CVE-2025-28034

9.8CVSS0.01052EPSS

Exploits1References2

CVE•added 2025/04/22 12:0 a.m.•69 views

CVE-2025-28034

CVE-2025-28034 affects several TOTOLINK devices (A800R, A810R, A830R, A950RG, A3000RU, A3100R). The vulnerability is a pre-auth remote command execution in the NTPSyncWithHost function via the hostTime parameter. No explicit exploitation details are provided in the documents; exploit status is no...

9.8CVSS7.6AI score0.01052EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2025/04/22 12:0 a.m.•3 views

PT-2025-17543 · Totolink · Totolink A3100R +5

Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730 TOTOLINK A810R version 4.1.2cu.5182 B20201026 TOTOLINK A830R version 4.1.2cu.5182 B20201102 TOTOLINK A950RG version 4.1.2cu.5161 B20200903 TOTOLINK A3000RU version 5.9c.5185 B20201128 TOTOLINK...

9.8CVSS6.4AI score0.01052EPSS

Exploits1References8

CNNVD•added 2025/04/22 12:0 a.m.•2 views

TOTOLINK多款产品安全漏洞

TOTOLINK A800R and others are products of China Gion Electronics TOTOLINK.TOTOLINK A800R is a wireless router.TOTOLINK A830R is a wireless dual-band router.TOTOLINK A810R is a wireless dual-band router.TOTOLINK A810R is a wireless dual-band router.TOTOLINK A810R is a wireless dual-band...

9.8CVSS7.1AI score0.01052EPSS

Exploits1References1

Cvelist•added 2025/04/22 12:0 a.m.•20 views

CVE-2025-28034

0.01052EPSS

Exploits1References1

Vulnrichment•added 2025/04/22 12:0 a.m.•6 views

CVE-2025-28034

7.4AI score0.01052EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 5:34 a.m.•13 views

CVE-2024-36783

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection via the hosttime parameter in the NTPSyncWithHost function...

9.8CVSS7.8AI score0.01386EPSS

Exploits0References3

RedhatCVE•added 2025/02/14 12:41 a.m.•10 views

CVE-2024-35397

TOTOLINK CP900L v4.1.5cu.798B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

8.8CVSS8.5AI score0.18985EPSS

Exploits0References4

CNVD•added 2024/08/02 12:0 a.m.•8 views

TOTOLINK LR1200GB Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK. The TOTOLINK LR1200GB version 9.3.1cu.2832 suffers from a command injection vulnerability that originates from the hosttime parameter in the NTPSyncWithHost function on the /cgi-bin/cstecgi.cgi pag...

8.8CVSS7.5AI score0.03347EPSS

Exploits1References1

NVD•added 2024/07/30 4:15 a.m.•19 views

CVE-2024-7215

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hosttime leads to command injection. The attack may be launched remotely. The exploit has...

8.8CVSS0.03347EPSS

Exploits1References4

CVE•added 2024/07/30 3:31 a.m.•65 views

CVE-2024-7215

TOTOLINK LR1200 (firmware 9.3.1cu.2832) contains a command injection vulnerability in the NTPSyncWithHost function exposed via /cgi-bin/cstecgi.cgi. The host_time parameter is not properly sanitized, allowing arbitrary command execution. Exploitation may be performed remotely, and public disclosu...

8.8CVSS6.9AI score0.03347EPSS

Exploits1References4Affected Software1

Cvelist•added 2024/07/30 3:31 a.m.•30 views

CVE-2024-7215 TOTOLINK LR1200 cstecgi.cgi NTPSyncWithHost command injection

6.5CVSS0.03347EPSS

Exploits1References4

Vulnrichment•added 2024/07/30 3:31 a.m.•19 views

CVE-2024-7215 TOTOLINK LR1200 cstecgi.cgi NTPSyncWithHost command injection

6.5CVSS7.3AI score0.03347EPSS

Exploits1References4

CNNVD•added 2024/07/30 12:0 a.m.•3 views

TOTOLINK LR1200GB 命令注入漏洞

8.8CVSS7.8AI score0.03347EPSS

Exploits1References5

CNVD•added 2024/07/29 12:0 a.m.•2 views

TOTOLINK A3600R cstecgi.cgi file NTPSyncWithHost function OS command injection vulnerability

TOTOLINK A3600R is a 6-antenna 1200M wireless router from China Gion Electronics. The TOTOLINK A3600R suffers from an OS command injection vulnerability, which is located in the NTPSyncWithHost function in the /cgi-bin/cstecgi.cgi file, and stems from improper handling of the hostTime parameter,...

8.8CVSS7.6AI score0.03086EPSS

Exploits1References1

OSV•added 2024/07/28 11:15 p.m.•2 views

CVE-2024-7171

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The...

8.8CVSS5.5AI score0.03086EPSS

Exploits1References4

NVD•added 2024/07/28 11:15 p.m.•21 views

CVE-2024-7171

8.8CVSS0.03086EPSS

Exploits1References4

Vulnrichment•added 2024/07/28 10:31 p.m.•13 views

CVE-2024-7171 TOTOLINK A3600R cstecgi.cgi NTPSyncWithHost os command injection

6.5CVSS7.4AI score0.03086EPSS

Exploits1References4

Rows per page