Lucene search
+L

12334 matches found

nuclei
nuclei
added yesterday66 views

TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass

TOTOLINK EX1200T 4.1.2cu.5215 is susceptible to authentication bypass. An attacker can bypass login by sending a specific request through formLoginAuth.htm, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-42887 info:...

9.8CVSS7.1AI score0.42853EPSS
Exploits1References3
nuclei
nuclei
added yesterday93 views

TOTOLink - Unauthenticated Command Injection

TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter. id: CVE-2022-25082 info: name: TOTOLink -...

9.8CVSS7.2AI score0.15673EPSS
Exploits1References3
nuclei
nuclei
added yesterday121 views

TOTOLINK Realtek SD Routers - Remote Command Injection

TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0,...

9CVSS7.2AI score0.25135EPSS
Exploits3References5
nuclei
nuclei
added yesterday16 views

TOTOLINK/Realtek Routers - Information Disclosure

A certain router administration interface using Realtek APMIB e.g., on TOTOLINK models allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0...

7.5CVSS7AI score0.08669EPSS
Exploits4References2
nuclei
nuclei
added yesterday10 views

TOTOLINK/Realtek Routers - Information Disclosure

A certain router administration interface using Realtek APMIB e.g., on TOTOLINK models allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0...

7.5CVSS7AI score0.08669EPSS
Exploits3References2
nuclei
nuclei
added yesterday20 views

TOTOLINK A3002RU 1.0.8 - Information Disclosure

TOTOLINK A3002RU firmware version 1.0.8 contains a vulnerability in which an unauthenticated attacker can obtain the plaintext admin password by making a GET request for password.htm. This allows remote attackers to gain administrative access without credentials. id: CVE-2018-13317 info: name:...

6.1CVSS6.5AI score0.00991EPSS
Exploits1References2
nuclei
nuclei
added yesterday50 views

TotoLink Router setMacFilterRules - Command Injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. id: CVE-2024-24328 info: name: TotoLink Router setMacFilterRules - Command Injection author: pussycat0x severity: critical description: |...

9.8CVSS7AI score0.06172EPSS
Exploits1References1
nuclei
nuclei
added yesterday167 views

TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability

A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747B20191224. This vulnerability affects an unknown part of the file /webcste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely...

10CVSS6.9AI score0.20737EPSS
Exploits1References4
nuclei
nuclei
added yesterday138 views

TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection

TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. id: CVE-2024-34257 info: name: TOTOLINK EX1800T TOTOLINK EX1800T - Command Injecti...

9.8CVSS7.2AI score0.03817EPSS
Exploits1References3
nuclei
nuclei
added yesterday166 views

TOTOLink - Unauthenticated Command Injection

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. id: CVE-2023-30013 info: name: TOTOLink - Unauthenticated...

9.8CVSS7.2AI score0.25889EPSS
Exploits4References4
nuclei
nuclei
added yesterday18 views

TOTOLINK/Realtek Routers - CAPTCHA Bypass

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a POST request to the boafrm/formLogin URI with the JSON payload "topicurl":"setting/getSanvas". This allows an unauthenticated attacker to bypass CAPTCHA verification, gaining unauthorized access to restricted...

9.8CVSS7AI score0.29557EPSS
Exploits3References2
nuclei
nuclei
added yesterday158 views

TOTOLINK A3700R - Command Injection

An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. id: CVE-2023-46574 info: name: TOTOLINK A3700R - Command Injection author: DhiyaneshDk severity: critical description: | An issue in...

9.8CVSS7.3AI score0.65412EPSS
Exploits2References5
nuclei
nuclei
added yesterday37 views

TOTOLINK CX-A3002RU - Remote Code Execution

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote...

6.8CVSS6.4AI score0.0379EPSS
Exploits0References4
nuclei
nuclei
added yesterday30 views

TotoLink Router setPortForwardRules - Command Injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. id: CVE-2024-24329 info: name: TotoLink Router setPortForwardRules - Command Injection author: pussycat0x severity: critical description...

9.8CVSS7AI score0.06172EPSS
Exploits1References1
nvd
nvd
added 3 days ago4 views

CVE-2026-15701

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. Affected by this issue is the function FormLogout of the file /formLogout.htm of the component lighttpd. This manipulation of the argument Host causes stack-based buffer overflow. The attack is possible to be carried out...

10CVSS0.00785EPSS
Exploits0References6
cvelist
cvelist
added 3 days ago30 views

CVE-2026-15701 Totolink NR1800X lighttpd formLogout.htm Form_Logout stack-based overflow

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. Affected by this issue is the function FormLogout of the file /formLogout.htm of the component lighttpd. This manipulation of the argument Host causes stack-based buffer overflow. The attack is possible to be carried out...

10CVSS0.00785EPSS
Exploits0References6
cve
cve
added 3 days ago9 views

CVE-2026-15701

CVE-2026-15701 affects Totolink NR1800X (firmware 9.1.0u.6279_B20210910) where the vulnerable component is lighttpd’s Form_Logout function in /formLogout.htm. The issue arises from manipulating the Host argument, triggering a stack-based buffer overflow. The vulnerability is exploitable remotely,...

10CVSS7.4AI score0.00785EPSS
Exploits0References6
ptsecurity
ptsecurity
added 3 days ago6 views

PT-2026-58102

Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910 Description A stack-based buffer overflow occurs in the Form Logout function within the /formLogout.htm file of the lighttpd component. This issue is triggered by the manipulation of the Host...

10CVSS7.2AI score0.00785EPSS
Exploits0References9
euvd
euvd
added last week8 views

EUVD-2026-42725

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185RT10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege...

7.7CVSS6.3AI score0.00407EPSS
Exploits0References13
nvd
nvd
added 2026/07/09 10:17 p.m.11 views

CVE-2026-15271

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185RT10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege...

7.7CVSS0.00407EPSS
Exploits0References12
Rows per page
Query Builder