CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/08/25 2:15 p.m.•1 views

CVE-2022-36462

TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg...

7.8CVSS5.8AI score0.00055EPSS

NVD•added 2022/08/25 2:15 p.m.•14 views

CVE-2022-36462

TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg...

7.8CVSS0.00055EPSS

Prion•added 2022/08/25 2:15 p.m.•22 views

Command injection

TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg...

4.3CVSS7.9AI score0.0018EPSS

Prion•added 2022/08/25 2:15 p.m.•15 views

Stack overflow

TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg...

4.3CVSS7.8AI score0.00055EPSS

Cvelist•added 2022/08/25 2:3 p.m.•16 views

CVE-2022-37078

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg...

8.1AI score0.0018EPSS

CVE•added 2022/08/25 1:54 p.m.•60 views

CVE-2022-36482

CVE-2022-36482 applies to TOTOLINK N350RT, version 9.3.5u.6139_B20201216, where a command injection flaw exists in the function setLanguageCfg exposed through the lang parameter . The vulnerability could allow arbitrary command execution with local access and could impact confidentiality, integri...

7.8CVSS7.8AI score0.0018EPSS

Cvelist•added 2022/08/25 1:54 p.m.•18 views

CVE-2022-36482

TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg...

8.1AI score0.0018EPSS

Cvelist•added 2022/08/25 1:53 p.m.•19 views

CVE-2022-36462

TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg...

8AI score0.00055EPSS

CVE•added 2022/08/25 1:53 p.m.•58 views

CVE-2022-36462

TOTOLINK A3700R V9.1.2u.6134_B20201202 is affected by a stack overflow in setLanguageCfg via the lang parameter. Root cause: improper handling of the lang input leading to stack overflow. Impact per CVSS is HIGH (local, no user interaction). No official patch details are provided in the sources; ...

7.8CVSS7.8AI score0.00055EPSS

CNNVD•added 2022/08/25 12:0 a.m.•1 views

TOTOLINK A3700R 缓冲区错误漏洞

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A3700R version V9.1.2u.6134B20201202, which stems from a stack overflow in the lang parameter of the setLanguageCfg method...

7.8CVSS5.5AI score0.00055EPSS

Positive Technologies•added 2022/08/25 12:0 a.m.•2 views

PT-2022-23404 · Totolink · Totolink N350Rt

Name of the Vulnerable Software and Affected Versions: TOTOLINK N350RT version 9.3.5u.6139 B20201216 Description: A command injection issue was found via the lang parameter in the setLanguageCfg function. Recommendations: For version 9.3.5u.6139 B20201216, avoid using the lang parameter in the...

7.8CVSS7.9AI score0.0018EPSS

ATTACKERKB•added 2022/07/07 7:15 p.m.•3 views

CVE-2022-32449

TOTOLINK EX300V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet...

10CVSS7.4AI score0.13299EPSS

Exploits1References3

NVD•added 2022/07/07 7:15 p.m.•12 views

CVE-2022-32449

10CVSS0.13299EPSS

Prion•added 2022/07/07 7:15 p.m.•19 views

Command injection

10CVSS9.6AI score0.13299EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2022/07/07 12:0 a.m.•3 views

PT-2022-21325 · Totolink · Totolink Ex300 V2

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX300 V2 version 4.0.3c.7484 Description: A command injection issue was found via the langType parameter in the setLanguageCfg function. This issue can be exploited through a crafted MQTT data packet. Recommendations: For TOTOLINK...

10CVSS9.6AI score0.13299EPSS

Exploits1References6

Cvelist•added 2022/07/07 12:0 a.m.•18 views

CVE-2022-32449

9.8AI score0.13299EPSS

CNNVD•added 2022/07/07 12:0 a.m.•4 views

TOTOLINK EX300 命令注入漏洞

The TOTOLINK EX300 is a 300 Mbps wireless N-range extender from China's TOTOLINK. A security vulnerability exists in TOTOLINK EX300V2 version V4.0.3c.7484, which originates from a command injection vulnerability found via the langType parameter in the setLanguageCfg function...

10CVSS8.3AI score0.13299EPSS

Exploits1References3

OSV•added 2022/06/03 2:15 p.m.•1 views

CVE-2021-42888

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack...

9.8CVSS5.8AI score0.10565EPSS

CVE•added 2022/06/03 1:51 p.m.•78 views

CVE-2021-42888

TOTOLINK EX1200T v4.1.2cu.5215 is affected by a remote command injection in the setLanguageCfg function of global.so, allowing control of langType. The PT-2022-11732 advisory confirms the vulnerability and provides mitigations: disable the setLanguageCfg function, restrict access to global.so, an...

9.8CVSS9.6AI score0.10565EPSS