Lucene search
+L

594 matches found

NVD
NVD
added 2026/07/09 6:16 p.m.10 views

CVE-2026-15204

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...

6.9CVSS0.00488EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/09 5:45 p.m.9 views

EUVD-2026-42660

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...

6.9CVSS6AI score0.00488EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/09 5:45 p.m.34 views

CVE-2026-15204 TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...

6.9CVSS0.00488EPSS
Exploits0References6
CVE
CVE
added 2026/07/09 5:45 p.m.15 views

CVE-2026-15204

TOTOLINK X5000R is affected by CVE-2026-15204. The OpenVPN Export feature (file /web/cgi-bin/cstecgi.cgi, function exportOvpn) is vulnerable to path traversal. The vulnerability can be exploited remotely. Details in connected records identify the affected product/version (9.1.0cu.2415_B20250515/9...

6.9CVSS6AI score0.00488EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-8137

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS7.8AI score0.00463EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 6:32 a.m.11 views

EUVD-2026-28528

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS5.9AI score0.00463EPSS
Exploits0References6
NVD
NVD
added 2026/05/08 5:16 a.m.17 views

CVE-2026-8137

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS0.00463EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/08 4:0 a.m.11 views

CVE-2026-8137 Totolink X5000R formDdns sub_458E40 buffer overflow

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS7.5AI score0.00463EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/08 4:0 a.m.8 views

CVE-2026-8137

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS7.5AI score0.00463EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/08 4:0 a.m.44 views

CVE-2026-8137 Totolink X5000R formDdns sub_458E40 buffer overflow

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS0.00463EPSS
Exploits0References5
CVE
CVE
added 2026/05/08 4:0 a.m.20 views

CVE-2026-8137

The CVE-2026-8137 entry affects Totolink X5000R (firmware 9.1.0u.6369_B20230113). The vulnerable component is the function sub_458E40 in /boafrm/formDdns, where manipulation of the submit-url argument causes a buffer overflow. Remote exploitation is possible, and the exploit has been disclosed pu...

9CVSS7.5AI score0.00463EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

TOTOLINK X5000R 缓冲区错误漏洞

The TOTOLINK X5000R is a router produced by TOTOLINK, a Chinese electronics company. The version 9.1.0u.6369B20230113 of the Totolink X5000R contains a buffer error vulnerability. This vulnerability stems from improper handling of the submit-url parameter in the function sub458E40 within the...

9CVSS7.7AI score0.00463EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.24 views

PT-2026-38664

Name of the Vulnerable Software and Affected Versions Totolink X5000R version 9.1.0u.6369 B20230113 Description A buffer overflow occurs in the sub 458E40 function within the '/boafrm/formDdns' file. This issue is triggered by the manipulation of the submit-url argument, allowing for remote...

9CVSS7.4AI score0.00463EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.9 views

CVE-2021-27708

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...

10CVSS8.4AI score0.0761EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/25 4:7 a.m.10 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENTLENGTH environment variable and allocates memory using malloc CONTENTLENGTH + 1 without sufficient bounds checking. When lighttpd s request size limit is not enforce...

7.5CVSS5.5AI score0.00332EPSS
Exploits1References1
OSV
OSV
added 2026/02/24 3:21 p.m.8 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENTLENGTH environment variable and allocates memory using malloc CONTENTLENGTH + 1 without sufficient bounds checking. When lighttpd s request size limit is not enforce...

7.5CVSS5.8AI score0.00332EPSS
Exploits1References2
NVD
NVD
added 2026/02/24 3:21 p.m.7 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENTLENGTH environment variable and allocates memory using malloc CONTENTLENGTH + 1 without sufficient bounds checking. When lighttpd s request size limit is not enforce...

7.5CVSS0.00332EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/24 1:44 a.m.9 views

CVE-2025-70327

TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...

9.8CVSS5.7AI score0.00693EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/24 1:44 a.m.6 views

CVE-2025-70329

TOTOLink X5000R v9.1.0cu2415B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 and other vlanVidLanX parameters are retrieved via UciGetStr and passed to the CsteSystem function without adequate validation or...

8CVSS6AI score0.03183EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.10 views

PT-2026-21743

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000R version 9.1.0cu.2415 B20250515 Description The software contains a denial-of-service issue in the /cgi-bin/cstecgi.cgi component. The component reads the CONTENT LENGTH environment variable and allocates memory using malloc wit...

7.5CVSS6AI score0.00332EPSS
Exploits1References5
Rows per page
Query Builder